Gnash, Lightspark, and Shumway
Posted Nov 25, 2012 21:38 UTC (Sun) by khim
In reply to: Gnash, Lightspark, and Shumway
Parent article: Gnash, Lightspark, and Shumway
No, it's not. There are about a bazillion vulnerabilities found on web sites every day. I mean, XSS, data leaks, etc. Vulnerabilities which affect the web application itself, not the rest of the system.
The rest of the system is not affected by JS vulnerabilities because web apps are sandboxed. Well, you can sandbox a C++ application, too, so what's the big deal?
On the other hand, NEARLY ALL security announcements these days are a result of undefined behavior in C code.
Do you add some data from the user to the page? Thank you, thank you - that's eval right there, just add <script></script>.
Do you change innerHTML? Thank you, thank you - that's another place for eval, just add "<script></script>". And so on.
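The pattern the comment describes, user data concatenated into markup, shown beside an escaping variant. This is an added example, not part of the original comment; the function names and sample strings are constructed for illustration.

```javascript
// Added example: helper names and inputs are hypothetical/constructed.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML parsing in text
// and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Pattern from the comment: user data pasted straight into markup that
// is later assigned to innerHTML or written into the page.
function renderUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// Tagged template: literal parts come from the developer and are kept,
// every interpolated value is treated as data and escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, literal, i) => out + literal + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

function renderSafe(comment) {
  return safeHtml`<p class="comment">${comment}</p>`;
}

function renderLink(title) {
  // Quoted attribute context: escaping the quote keeps the value inside it.
  return safeHtml`<a title="${title}">profile</a>`;
}

// Count opening tags, to show whether data turned into markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample inputs.
const userComment = '<script></script>';
const userTitle = 'x" data-injected="1';

console.log(countOpeningTags(renderUnsafe(userComment))); // data became a tag
console.log(countOpeningTags(renderSafe(userComment)));   // data stayed text
console.log(renderLink(userTitle));
```

In a browser, assigning the value to `textContent` instead of `innerHTML` avoids HTML parsing of the data altogether.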