| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Mar 29 02:49:35 2006 From: michaelslists at gmail.com (michaelslists@...il.com) Subject: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code no, a browser written in java would not have buffer overflow/stack issues. the jvm is specifically designed to prevent it ... -- Michael On 3/29/06, Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> wrote: > On Mon, 27 Mar 2006, Brian Eaton wrote: > > > If I run a pure-java browser, for example, no web site's HTML code is > > going to cause a buffer overflow in the parser. > > Even a "pure-java browser" would rest on the top of a huge pile of native > code (OS, JRE, native libraries). A seemingly innocent piece of data > passed to that native code might trigger a bug (perhaps even a buffer > overflow) in it... > > Unlikely (read: less likely than a direct attack vector) but still > possible. > > --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] > "Resistance is futile. Open your source code and prepare for assimilation." > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists