[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] safari dos

To: Christian Horchert <chorchert@veedev.de>, full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] safari dos
From: "kang@insecure.ws" <kang@insecure.ws>
Date: Sat, 22 Nov 2003 12:37:32 +0100

Christian Horchert wrote:

Am 22.11.2003 um 01:58 schrieb kang@insecure.ws:

Original is here: http://www.insecure.ws/article.php?story=20031122012748282

Safari will never exit a loop in javascript. Since javascript isn't executed in a thread, this cause a DoS (Safari crashes). Firebird has been tested and is not vulnerable. I don't know about other browers on MacOSX, but they are probably not vulnerable. (OmniWeb?)

BBEdit ate cpu while previewing. Mhhh... aren't there quite a couple of programmes utelizing the foundation :-\

Christian

Sherlock uses it too, I believe a few other also. It seems to me that iTunes only uses an xml engine, but not the webkit. (No webkit calls, etc, I'm positive that itunes doesn't uses it)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] safari dos
  - From: "kang@insecure.ws" <kang@insecure.ws>
- Re: [Full-Disclosure] safari dos
  - From: Christian Horchert <chorchert@veedev.de>

Prev by Date: [Full-Disclosure] Opera directory traversal and buffer overflow
Next by Date: [Full-Disclosure] [SCSA-021] Anonymous Mail Forwarding Vulnerabilities in vbPortal
Previous by thread: Re: [Full-Disclosure] safari dos
Next by thread: Re: [Full-Disclosure] safari dos
Index(es):
- Date
- Thread