|
BugTraq
Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... Jul 21 2009 10:58AM Thierry Zoller (Thierry zoller lu) (1 replies) Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 03:12PM Michal Zalewski (lcamtuf coredump cx) (2 replies) Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 05:32AM Andrew Farmer (andfarm gmail com) |
|
Privacy Statement |
Yes, we all know that. The flaw here was not looping on itself a
thousands of times, wow. It was a DOM implementation flaw. That's
what made it interesting. A border case that was not accounted for.
That's all, still interesting. I don't see how Javascripts endless
loops are similar at all - sorry.
MZ> There are literally thousands of HTML- and JavaScript-related denial
MZ> of service vectors in modern browsers. If you want a silly, ad hoc
MZ> example I just made up on the spot (and so could any reader of the
MZ> list), try:
MZ> foo = '<marquee>';
MZ> for (i=0;i<7;i++) foo += foo;
MZ> for (i=0;i<10000;i++) document.write(foo);
--
http://blog.zoller.lu
Thierry Zoller
[ reply ]