From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,bbe592428babd509 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news4.google.com!feeder1-2.proxad.net!proxad.net!feeder2-2.proxad.net!newsfeed.arcor.de!newsspool4.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Fri, 23 Apr 2010 16:37:03 +0200 From: Georg Bauhaus User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Web browser in Ada References: <02c2bf63-260d-4acc-bd58-c8fb8a591ec3@b6g2000yqi.googlegroups.com> <0bf9425c-32a1-4b93-b938-ae4a4e24a761@c21g2000yqk.googlegroups.com> In-Reply-To: <0bf9425c-32a1-4b93-b938-ae4a4e24a761@c21g2000yqk.googlegroups.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Message-ID: <4bd1b090$0$7651$9b4e6d93@newsspool1.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 23 Apr 2010 16:37:04 CEST NNTP-Posting-Host: f5f18515.newsspool1.arcor-online.net X-Trace: DXC=li[6gLTJMh5_A0jCfgHO6>ic==]BZ:af>4Fo<]lROoR1<`=YMgDjhg2D>=kX2P@_e6nc\616M64>:Lh>_cHTX3j=7gXD6XO7g1: X-Complaints-To: usenet-abuse@arcor.de Xref: g2news1.google.com comp.lang.ada:10160 Date: 2010-04-23T16:37:04+02:00 List-Id: On 23.04.10 15:56, Maciej Sobczak wrote: > > Could you refer to an existing browser vulnerability that is related > to the core browser engine and that would be avoided by choosing > another language? > (I'm genuinely interested) Does CSS count? Or image rendering components? "buffer overflow" + {ie6, mozilla, ...} produce a number of search results. Then there is the presence of DEP in recent MS systems brough to your desktop with IE7 ... Buffer overflow continues to rank high, e.g. in the 2010 SANS Top 25: http://cwe.mitre.org/data/definitions/120.html Integer overflow or wraparound and improper array indexing rank somewhat lower, but are present, too. BTW, why do we still subscribe to the notion "integer overflow" when the one thing that any sequence of what is commonly known as integers cannot possibly do is to overflow? Maybe the wording is at the heart of the problem. I think it is adequate and pedagogical to call it "int overflow".