SecurityFocus

Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... Jul 21 2009 10:58AM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 03:12PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 05:32AM
Andrew Farmer (andfarm gmail com)

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:00PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:05PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)

> Yes, we all know that. The flaw here was not looping on itself a
> thousands of times, wow. It was a DOM implementation flaw.

The code created an oversized list, which does not seem to be that far
from creating an overly nested DOM tree, or drawing an oversized
CANVAS shape, or any other
creating-too-many-things-for-the-renderer-to-handle attacks... but
really, I'm not trying to be dismissive, just saying that a more
holistic approach might be more beneficial in the long run.

/mz

[ reply ]

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:03PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:15PM
Michal Zalewski (lcamtuf coredump cx) (1 replies)

Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:26PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:30PM
Michal Zalewski (lcamtuf coredump cx)

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:46PM
Steven M. Christey (coley linus mitre org) (2 replies)

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 12:24PM
Thierry Zoller (Thierry zoller lu)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:52PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 09:10PM
Steven M. Christey (coley linus mitre org)