On 21 Jul 2009, at 08:12, Michal Zalewski wrote:
There are literally thousands of HTML- and JavaScript-related denial of service vectors in modern browsers...
There's one significant difference in this one, though: while a bunch of nested <div>s (for instance) will just mess with the HTML renderer, a malformed or oversized <select> element may end up passing bad data to native menu APIs. It's one of the only elements I can think of offhand that often has effects which extend outside the HTML canvas.