SecurityFocus

Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... Jul 21 2009 10:58AM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 03:12PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 05:32AM
Andrew Farmer (andfarm gmail com)

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:00PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Hi Michal,

Yes, we all know that. The flaw here was not looping on itself a
thousands of times, wow. It was a DOM implementation flaw. That's
what made it interesting. A border case that was not accounted for.

That's all, still interesting. I don't see how Javascripts endless
loops are similar at all - sorry.

MZ> There are literally thousands of HTML- and JavaScript-related denial
MZ> of service vectors in modern browsers. If you want a silly, ad hoc
MZ> example I just made up on the spot (and so could any reader of the
MZ> list), try:

MZ> foo = '<marquee>';
MZ> for (i=0;i<7;i++) foo += foo;
MZ> for (i=0;i<10000;i++) document.write(foo);

--
http://blog.zoller.lu
Thierry Zoller

[ reply ]

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:05PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:03PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:15PM
Michal Zalewski (lcamtuf coredump cx) (1 replies)

Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:26PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:30PM
Michal Zalewski (lcamtuf coredump cx)

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:46PM
Steven M. Christey (coley linus mitre org) (2 replies)

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 12:24PM
Thierry Zoller (Thierry zoller lu)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:52PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 09:10PM
Steven M. Christey (coley linus mitre org)