WebApp Sec mailing list archives

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code

From: "Andrew van der Stock" <vanderaj () greebo net>
Date: Tue, 28 Mar 2006 22:45:34 -0500

This is not quite true.

Java does not prevent integer overflows (it will not throw anexception). So you still have to be careful about array indexes.


Andrew

On 29/03/2006, at 12:49 PM, michaelslists () gmail com wrote:

no, a browser written in java would not have buffer overflow/stack
issues. the jvm is specifically designed to prevent it ...

-- Michael

Attachment: smime.p7s
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

Current thread:

Re: Java integer overflows (was: a really long topic), (continued)
- - - Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) Eliah Kagan (Mar 28)
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic) michaelslists (Mar 28)
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic) Eliah Kagan (Mar 28)
    - [Full-disclosure] Re: Java integer overflows (was: a really longtopic) michaelslists (Mar 28)
    - Re: Java integer overflows (was: a really long topic) Eoin (Mar 29)
    - Re: [Full-disclosure] Java integer overflows (was: a really long topic) Simon Roberts (Mar 29)
    - RE: [Full-disclosure] Java integer overflows (was: a really long topic) Tim Hollebeek (Mar 30)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)