"Robust" was an expression used by heise.de . I'm not happy with this myself.
In my point of view "junk" or malformed (X-)HTML should not lead to an undetermined state like frezzing, memory exhaustion, crashes etc. . The latter one has always been of interest considering the large number of not standard-compliant webpages. I have no expierience in buffer overflows myself so far, but I've heard that crashes maybe could get used for injecting malicious code into an, in our case, remote system. Therefore we are already speaking of the web as it exists. However , it is very good to hear that the bugs have been filed and get the attention they need. best regards Marko Steinberger Gervase Markham schrieb: > Marko Steinberger wrote: > >> So I suggest that any Developer should have a look at this, because >> advantage in security above ie is a big reason for why people begin to >> choose more and more ie alternatives like e.g. Firefox. > > > Bugs have already been filed; although I wouldn't define whether a > browser was "robust" or not based on how well it handled > randomly-generated input, I would judge it on how will it handled the > Web as it exists. It's also worth stating that none of these crashes > have yet been proved to lead to security holes. > > Still, we should obviously look into this - and people are. > > Gerv _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
