Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Yes,  we  all  know  that.  The  flaw here was not looping on itself a
> thousands  of  times,  wow.  It was a DOM implementation flaw.

The code created an oversized list, which does not seem to be that far
from creating an overly nested DOM tree, or drawing an oversized
CANVAS shape, or any other
creating-too-many-things-for-the-renderer-to-handle attacks... but
really, I'm not trying to be dismissive, just saying that a more
holistic approach might be more beneficial in the long run.

/mz


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux