Dailydave
mailing list archives
Re: Databases are too easy.
From: Thor Larholm <thor () polypath com>
Date: Tue, 10 Oct 2006 22:00:27 +0200
Dave Korn wrote:
> Who would have thought an email could infect your computer? Nobody,
> until M$ added all that active content: flashy bells and whistles

There's been plenty of vulnerabilities in email and HTML caused by
non-active content, primarily overflows due to improper parsing of
headers and mime boundaries. Microsoft is definitely not the only one
plagued by those, and their vulnerabilities in email applications have
mainly been due to their HTML integration and, by extension, IE
vulnerabilities.

> Who would have thought browsing a webpage could launch random other
> applications on your computer? Nobody, until Microsoft decided to let
> IE launch office applications, and invoke media player, and whatever
> else.

Yes, IE has been a horrendous melting pot of functionality that each
increased complexity beyond the point where all possible interactions
could be logically deduced, or even properly fuzzed. Most of the
traditional IE vulnerabilities outside overflows have been logic flaws
which are eerily similar to the continuous Chrome flaws in Firefox.

> I'll eat my hat if somewhere down the line we don't see websites
> being able to do SQL injection into clients' browsers and thence
> own the machine.

Firefox has an SQLite implementation of their memory and disk browser
cache that's just waiting to be turned on with a configure option. I've
already reported SQL injection vulnerabilities in that code which can be
used for file reading, writing and execution, but it's not going to get
any attention until just prior to the feature being enabled for the main
distributions.

Regards
Thor Larholm
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave