[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yet another Disturbing type of Exploit


Summary: A way of exploiting web browsers located within the security perimeter (i.e access to internal network) using something like javascript from an external web page to launch a buffer overflow attack on internal network. Seems like problems like this could have have serious implications against many applications that are badly written but thought safe since not exposed to Internet. Obviously LSMB would not be susceptible to buffer overflows, but every day I see more and more seriously negative stuff about javascript. My understanding is that LSMB development is going to add a lot of javascript based web 2.0/ajax type stuff, which IS wonderful to use. Are there plans for the new interfaces to "degrade gracefully" without loss of function (some loss of convenience couldn't be avoided), if a person found that javascript HAD to be turned off and kept off because of non-LSMB security issues?

Chris Bennett