SecurityFocus

Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... Jul 21 2009 10:58AM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 03:12PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 05:32AM
Andrew Farmer (andfarm gmail com)

On 21 Jul 2009, at 08:12, Michal Zalewski wrote:
> There are literally thousands of HTML- and JavaScript-related denial
> of service vectors in modern browsers...

There's one significant difference in this one, though: while a bunch
of nested <div>s (for instance) will just mess with the HTML renderer,
a malformed or oversized <select> element may end up passing bad data
to native menu APIs. It's one of the only elements I can think of
offhand that often has effects which extend outside the HTML canvas.

[ reply ]

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:00PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:05PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:03PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:15PM
Michal Zalewski (lcamtuf coredump cx) (1 replies)

Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:26PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re: Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 11:30PM
Michal Zalewski (lcamtuf coredump cx)

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:46PM
Steven M. Christey (coley linus mitre org) (2 replies)

Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 22 2009 12:24PM
Thierry Zoller (Thierry zoller lu)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 08:52PM
Thierry Zoller (Thierry zoller lu) (1 replies)

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Jul 21 2009 09:10PM
Steven M. Christey (coley linus mitre org)