Secure Coding mailing list archives
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: michaelslists at gmail.com (michaelslists at gmail.com)
Date: Tue, 28 Mar 2006 21:15:32 -0500
no, a browser written in java would not have buffer overflow/stack issues. the jvm is specifically designed to prevent it ... -- Michael On 3/29/06, Pavel Kankovsky <peak at argo.troja.mff.cuni.cz> wrote:
On Mon, 27 Mar 2006, Brian Eaton wrote:If I run a pure-java browser, for example, no web site's HTML code is going to cause a buffer overflow in the parser.Even a "pure-java browser" would rest on the top of a huge pile of native code (OS, JRE, native libraries). A seemingly innocent piece of data passed to that native code might trigger a bug (perhaps even a buffer overflow) in it... Unlikely (read: less likely than a direct attack vector) but still possible. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pilon Mntry (Mar 26)
- <Possible follow-ups>
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists at gmail.com (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists at gmail.com (Mar 28)
- Java integer overflows (was: a really long topic) Andrew van der Stock (Mar 28)
- Re: Java integer overflows (was: a really long topic) michaelslists at gmail.com (Mar 28)
- Message not available
- Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) michaelslists at gmail.com (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)