Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

---

• From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
• Date: Tue, 21 Jul 2009 13:05:24 -0700

---

Yes,  we  all  know  that.  The  flaw here was not looping on itself a
thousands  of  times,  wow.  It was a DOM implementation flaw.

The code created an oversized list, which does not seem to be that far
from creating an overly nested DOM tree, or drawing an oversized
CANVAS shape, or any other
creating-too-many-things-for-the-renderer-to-handle attacks... but
really, I'm not trying to be dismissive, just saying that a more
holistic approach might be more beneficial in the long run.

/mz

---

• Follow-Ups:
  • Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
    • From: Thierry Zoller
  • Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
    • From: Steven M. Christey

• References:
  • Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
    • From: Thierry Zoller
  • Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
    • From: Michal Zalewski
  • Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
    • From: Thierry Zoller

• Prev by Date: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
• Next by Date: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
• Previous by thread: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
• Next by thread: Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Fire ... from creating an overly nested DOM tree, or drawing an oversized ... CANVAS shape, or any other ... (Full-Disclosure) Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Fire ... MZ> from creating an overly nested DOM tree, or drawing an oversized ... Interesting tidbit: ... The W3C DOM specifies the select.length attribute to be *read only*. ... (Full-Disclosure) Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - F ... MZ> from creating an overly nested DOM tree, or drawing an oversized ... Interesting tidbit: ... The W3C DOM specifies the select.length attribute to be *read only*. ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2009-07