[Webkit-unassigned] [Bug 163748] [JSC] crash via `new Function("}{")`

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 20 22:32:12 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=163748

--- Comment #7 from Brent Fulgham <bfulgham at webkit.org> ---
(In reply to comment #6)
> It’s not so much policy but simply a practical consideration. There are
> *lots* of crashing bugs and I don’t think we treat them all as sensitive
> security bugs. I believe we try to distinguish exploitable crashes from ones
> that are simply an inconvenience.

Exactly. We try to handle bugs that we judge to allow true "exploits" under our more severe 'Security' classification.

While crashes and "eat CPU spinning in a loop" bugs are super annoying, and are things we want to mitigate where possible, they don't rise to quite the same level for our purposes.
