Bug#568485: webkit: denial-of-service via javascript document.write()

Michael Gilbert michael.s.gilbert at gmail.com
Fri Feb 5 17:07:00 UTC 2010


On Fri, 5 Feb 2010 08:00:15 +0100, Mike Hommey wrote:
> On Thu, Feb 04, 2010 at 10:23:06PM -0500, Michael Gilbert wrote:
> > package: xulrunner
> > severity: normal
> > tags: security
> > 
> > hi, a denial-of-service has been published for safari [0]. i've tested
> > this, and webkit is also affected.
> > 
> > [0] http://seclists.org/bugtraq/2010/Feb/51
> 
> This is a pathetic description, and it has nothing to do with the
> javascript engine. Writing an html page with that much <marquee> tags
> will have the same effect. I'm also pretty sure you can find other
> "advisories" for various other kinds of similar bad handling of massive
> content.

i know, but its now a published issue, and it works. the impact isn't at
all important, but its worth tracking i guess.

mike





More information about the Pkg-webkit-maintainers mailing list