[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: Re: OT: Firefox question / poll

To: John Adams <jna@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Fwd: Re: OT: Firefox question / poll
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Thu, 22 Dec 2011 14:40:13 +0200

On Tue, Dec 20, 2011 at 12:27:59PM -0800, John Adams wrote:
> On Tue, Dec 20, 2011 at 12:18 PM, Dave <mrx@xxxxxxxxxxxxxxxxxxx> wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 20/12/2011 17:40, Charles Morris wrote:
> > > I'm curious what everyone's opinion is on the following question... esp.
> > to any FF dev people on list:
> > >
> > > Do you think that the Firefox "warning: unresponsive script" is meant as
> > a security feature or a usability feature?
> >
> >
> It's neither, but could be construed to be a security feature.
>

I doubt it is a real security feature.

Possibly one can refactor the code with the like of setTimeout() and run
the script for arbitrary amount of time.

If it really worked, it might stop some refcount overflows needing loop
to 2^32.

By accident it might probably stop some exploits, don't know.

-- 
j

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Fwd: Re: OT: Firefox question / poll
  - From: Dave
- Re: [Full-disclosure] Fwd: Re: OT: Firefox question / poll
  - From: John Adams

Prev by Date: [Full-disclosure] [MATTA-2011-001] pfSense x509 Insecure Certificate Creation
Next by Date: Re: [Full-disclosure] OT: Firefox question / poll
Previous by thread: Re: [Full-disclosure] Fwd: Re: OT: Firefox question / poll
Next by thread: [Full-disclosure] TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
Index(es):
- Date
- Thread