WebApp Sec mailing list archives
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: michaelslists () gmail com
Date: Wed, 29 Mar 2006 12:49:27 +1100
no, a browser written in java would not have buffer overflow/stack issues. the jvm is specifically designed to prevent it ... -- Michael On 3/29/06, Pavel Kankovsky <peak () argo troja mff cuni cz> wrote:
On Mon, 27 Mar 2006, Brian Eaton wrote:If I run a pure-java browser, for example, no web site's HTML code is going to cause a buffer overflow in the parser.Even a "pure-java browser" would rest on the top of a huge pile of native code (OS, JRE, native libraries). A seemingly innocent piece of data passed to that native code might trigger a bug (perhaps even a buffer overflow) in it... Unlikely (read: less likely than a direct attack vector) but still possible. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, (continued)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 27)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefoxvs IE security, User vs Admin risk profile, and browsers coded in 100%Managed Verifiable code Pavel Kankovsky (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
- Java integer overflows (was: a really long topic) Andrew van der Stock (Mar 28)
- Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
- Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) Eliah Kagan (Mar 28)
- Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
- Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic) michaelslists (Mar 28)
- Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic) Eliah Kagan (Mar 28)