This one time, at band camp, Mike Hommey said: > On Tue, Nov 22, 2005 at 12:41:21PM +0000, Stephen Gran > <[EMAIL PROTECTED]> wrote: > > This one time, at band camp, Mike Hommey said: > > > Until it is proven to be exploitable, this can't be critical. > > > > Did you look at the link included? There is a proof of concept > > exploit on the page under the 'exploit' tab. > > Yes, it does crash the browser. No it is not a security breach that > can be exploited to, for example, run arbitrary code or such.
So this is a failed memory allocation or null pointer dereference, rather than the integer overflow that it sounds like? I admit, I have not looked at the IFRAME handling code, so I'm just curious. If it is an integer overflow, then the ability to execute arbitrary code is there. If it's a crash due to an uncaught memory allocation failure or something, then you are right, and this is merely important. Take care, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
