| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111222124013.GA2403@sivokote.iziade.m$> Date: Thu, 22 Dec 2011 14:40:13 +0200 From: Georgi Guninski <guninski@...inski.com> To: John Adams <jna@...tter.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Fwd: Re: OT: Firefox question / poll On Tue, Dec 20, 2011 at 12:27:59PM -0800, John Adams wrote: > On Tue, Dec 20, 2011 at 12:18 PM, Dave <mrx@...pergander.org.uk> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On 20/12/2011 17:40, Charles Morris wrote: > > > I'm curious what everyone's opinion is on the following question... esp. > > to any FF dev people on list: > > > > > > Do you think that the Firefox "warning: unresponsive script" is meant as > > a security feature or a usability feature? > > > > > It's neither, but could be construed to be a security feature. > I doubt it is a real security feature. Possibly one can refactor the code with the like of setTimeout() and run the script for arbitrary amount of time. If it really worked, it might stop some refcount overflows needing loop to 2^32. By accident it might probably stop some exploits, don't know. -- j _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists