Wednesday, March 19, 2008

Safari Denial Of Service.

Yet, another loop able to build a complete and working attack !
Scripts like the following one are already known to be very injurious for web browsers, but even if everybody knows that, it's still a big problem to current web browsers.


via here

The presented vector uses the character "ā" to fill the buffer and the escape function to encode it ! Again, that's amazing finding these kind of bugs inside the 2008 browser technology..... It's a kind of cool.

No comments: