[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

To: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Subject: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Wed, 22 Jul 2009 01:03:14 +0200

Hi Michal,

MZ>  which does not seem to be that far
MZ> from creating an overly nested DOM tree, or drawing an oversized

Interesting tidbit:
The W3C DOM specifies the select.length attribute to be *read only*.
Yet   (all)  browsers  have  implemented  it  allowing to write to it. I
am not sure what use that has (?) but one thing is sure, they failed
to add a limit, the W3C didn't, but that's because it was never meant
to be written to in the first place.


-- 
http://blog.zoller.lu
Thierry Zoller

Follow-Ups:
- Re: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
  - From: Michal Zalewski

References:
- Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  - From: Thierry Zoller
- Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
  - From: Michal Zalewski
- Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
  - From: Thierry Zoller
- Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
  - From: Michal Zalewski

Prev by Date: [security bulletin] HPSBUX02437 SSRT090038 rev.1 - HP-UX Running XNTP, Remote Execution of Arbitrary Code
Next by Date: Need information, for MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow CVE-2008-5616
Previous by thread: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
Next by thread: Re: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
Index(es):
- Date
- Thread