Re: [Full-disclosure] Apple Safari ... DoS Vulnerability

Browsers could reasonably implement various kinds of resource expenditure
limitations, but few, if any, do OOTB (FF 2.x I think added some basic
"this script is taking too long" controls, but there is a lot more that
could be done).

IE, Firefox, Safari and Chrome all have basic protection against
long-running scripts -
has some information on each implementation.

What else would you have browser vendors do? I expect they think their
current strategy of responding to specific bugs along with a bit of
fuzzing and insane-input-testing is cost-effective and 'good enough'
for their users.



Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -
