a future caller alternative ?

Andrea Giammarchi andrea.giammarchi at gmail.com
Fri Mar 8 15:07:11 PST 2013


OK but if it's about being able to break an environment caller would be at
the end of a list of problems :-/


On Fri, Mar 8, 2013 at 2:51 PM, Brandon Benvie <bbenvie at mozilla.com> wrote:

> As an example of the security vulnerabilities possibly exposed by being
> able able to get the caller, look to V8's somewhat recently fixed
> toString/valueOf caller that exposed the internal operator functions like
> MUL, DIV, etc. Unpatchable (by something like Caja) communication channels,
> capability leaks abound. http://bbenvie.com/articles/**
> 2012-08-29/Interview-With-the-**All-Stars-From-V8-s-runtime-**js-<http://bbenvie.com/articles/2012-08-29/Interview-With-the-All-Stars-From-V8-s-runtime-js->
>
> ______________________________**_________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/**listinfo/es-discuss<https://mail.mozilla.org/listinfo/es-discuss>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130308/66451c8c/attachment-0001.html>


More information about the es-discuss mailing list