Full Disclosure mailing list archives

Re: safari dos

From: "kang () insecure ws" <kang () insecure ws>
Date: Sat, 22 Nov 2003 12:37:32 +0100

Christian Horchert wrote:

Am 22.11.2003 um 01:58 schrieb kang () insecure ws:
Original is here:http://www.insecure.ws/article.php?story=20031122012748282
Safari will never exit a loop in javascript. Since javascript isn'texecuted in a thread, this cause a DoS (Safari crashes).Firebird has been tested and is not vulnerable. I don't know aboutother browers on MacOSX, but they are probably not vulnerable.(OmniWeb?)
BBEdit ate cpu while previewing.
Mhhh... aren't there quite a couple of programmes utelizing thefoundation :-\
  Christian

Sherlock uses it too, I believe a few other also. It seems to me thatiTunes only uses an xml engine, but not the webkit. (No webkit calls,etc, I'm positive that itunes doesn't uses it)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

safari dos kang () insecure ws (Nov 21)
- Re: safari dos Christian Horchert (Nov 21)
  - Re: safari dos kang () insecure ws (Nov 22)
  - Re: safari dos Christian Horchert (Nov 22)
- Re: safari dos Christian Horchert (Nov 22)
  - Re: safari dos kang () insecure ws (Nov 22)
    - Re: safari dos Christian Horchert (Nov 22)
- Re: safari dos Grant Husbands (Nov 23)
- <Possible follow-ups>
- RE: safari dos Grant Husbands (Nov 23)