[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5e01c29a0603281749y47b5396w382cd718a1a832ab@mail.gmail.com>
Date: Wed Mar 29 02:49:35 2006
From: michaelslists at gmail.com (michaelslists@...il.com)
Subject: 4 Questions: Latest IE vulnerability,
Firefox vs IE security, User vs Admin risk profile,
and browsers coded in 100% Managed Verifiable code
no, a browser written in java would not have buffer overflow/stack
issues. the jvm is specifically designed to prevent it ...
-- Michael
On 3/29/06, Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> wrote:
> On Mon, 27 Mar 2006, Brian Eaton wrote:
>
> > If I run a pure-java browser, for example, no web site's HTML code is
> > going to cause a buffer overflow in the parser.
>
> Even a "pure-java browser" would rest on the top of a huge pile of native
> code (OS, JRE, native libraries). A seemingly innocent piece of data
> passed to that native code might trigger a bug (perhaps even a buffer
> overflow) in it...
>
> Unlikely (read: less likely than a direct attack vector) but still
> possible.
>
> --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "Resistance is futile. Open your source code and prepare for assimilation."
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Powered by blists - more mailing lists