[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

To: michaelslists@xxxxxxxxx
Subject: Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: Andrew van der Stock <vanderaj@xxxxxxxxxx>
Date: Wed, 29 Mar 2006 13:17:12 +1100

This is not quite true.

Java does not prevent integer overflows (it will not throw anexception). So you still have to be careful about array indexes.


Andrew

On 29/03/2006, at 12:49 PM, michaelslists@xxxxxxxxx wrote:

no, a browser written in java would not have buffer overflow/stack
issues. the jvm is specifically designed to prevent it ...

-- Michael

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
  - From: michaelslists

References:

Prev by Date: [Full-disclosure] Owasp SiteGenerator v0.70 (public beta release)
Next by Date: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Previous by thread: Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
Next by thread: Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
Index(es):
- Date
- Thread