[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <448e9a320907211305h213a32dcy6cafb1b4c7f192d3@mail.gmail.com>
Date: Tue, 21 Jul 2009 13:05:24 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: Thierry Zoller <Thierry@...ler.lu>
Cc: info@...cl.etat.lu, vuln@...unia.com, cert@...t.org,
full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq <bugtraq@...urityfocus.com>, cve@...re.org, nvd@...t.gov
Subject: Re: Update: [GSEC-TZO-44-2009] One bug to rule
them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey,
iPhone, iPod, Wii, PS3....
> Yes, we all know that. The flaw here was not looping on itself a
> thousands of times, wow. It was a DOM implementation flaw.
The code created an oversized list, which does not seem to be that far
from creating an overly nested DOM tree, or drawing an oversized
CANVAS shape, or any other
creating-too-many-things-for-the-renderer-to-handle attacks... but
really, I'm not trying to be dismissive, just saying that a more
holistic approach might be more beneficial in the long run.
/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists