subject:"FW\: \[SC\-L\] 4 Questions\: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code"

Re: FW: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-28 Thread michaelslists

On 3/28/06, Michael S Hines <[EMAIL PROTECTED]> wrote: > Isn't it possible to break out of the sandbox even with managed code? (That > is, can't > managed code call out to unmanaged code, i.e. Java call to C++)? I was > thinking this was > documented for Java - perhaps for various flavors of .Ne

Re: FW: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-28 Thread Dinis Cruz

If you are able to make direct calls to unmanaged code, then yes you can jump out of the sandbox (assuming that you are in one in the first place) The environment that I am talking about is one where you have managed and verifiable code which is not allowed to perform dangerous actions (such as ma

FW: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-27 Thread Michael S Hines

Isn't it possible to break out of the sandbox even with managed code? (That is, can't managed code call out to unmanaged code, i.e. Java call to C++)? I was thinking this was documented for Java - perhaps for various flavors of .Net too? --- Michael S Hines [EM