[nbpoole]

Right. But I can very easily find reports of reliable ways to crash IE via CSS: https://www.google.com/search?q=crash+ie+css

I don't have a problem with your blog post. It documents how to reproduce the issue referenced in a particular CVE. But I'm curious what value people are deriving from reading it.

[yuhong]

Not all are exploitable.

[nbpoole]

Right. But your post shows that you can reliably get the browser to crash. It doesn't demonstrate that the crash is exploitable, unless I'm missing something.

[yuhong]

I was able to prove that it was potentially exploitable to MSRC, which is how I got them to fix it. There are a lot of non-exploitable crashes such as null pointer dereferences that MSRC will not consider as security bugs.