On Mon, 27 Mar 2006, Brian Eaton wrote: > If I run a pure-java browser, for example, no web site's HTML code is > going to cause a buffer overflow in the parser.
Even a "pure-java browser" would rest on the top of a huge pile of native code (OS, JRE, native libraries). A seemingly innocent piece of data passed to that native code might trigger a bug (perhaps even a buffer overflow) in it... Unlikely (read: less likely than a direct attack vector) but still possible. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
