Full Disclosure mailing list archives

Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 21 Jul 2009 22:32:29 -0700

On 21 Jul 2009, at 08:12, Michal Zalewski wrote:

There are literally thousands of HTML- and JavaScript-related denial
of service vectors in modern browsers...


There's one significant difference in this one, though: while a bunch  
of nested <div>s (for instance) will just mess with the HTML renderer,  
a malformed or oversized <select> element may end up passing bad data  
to native menu APIs. It's one of the only elements I can think of  
offhand that often has effects which extend outside the HTML canvas.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3...., (continued)
- - - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Thierry Zoller (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Fionnbharr (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Michal Zalewski (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Thierry Zoller (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Michal Zalewski (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Thierry Zoller (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Steven M. Christey (Jul 22)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Thierry Zoller (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Steven M. Christey (Jul 21)
    - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Thierry Zoller (Jul 22)
  - Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... Andrew Farmer (Jul 21)