WebApp Sec: Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

From: Andrew van der Stock <vanderaj () greebo net>
Date: Wed, 29 Mar 2006 13:17:12 +1100

This is not quite true.

Java does not prevent integer overflows (it will not throw anexception). So you still have to be careful about array indexes.


Andrew

On 29/03/2006, at 12:49 PM, michaelslists () gmail com wrote:

no, a browser written in java would not have buffer overflow/stack
issues. the jvm is specifically designed to prevent it ...

-- Michael

Attachment: smime.p7s
Description:

By Date By Thread

Current thread:

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, (continued)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 27)
  - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
    - Java integer overflows (was: a really long topic) Andrew van der Stock (Mar 28)
    - Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) Eliah Kagan (Mar 28)
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)