|
|
|
|
|
|
by tschneidereit
4136 days ago
|
|
|
Exactly. We did a survey of Flash exploits from the last few years and almost all of them would simply have been impossible in Shumway. That doesn't mean that Shumway will automatically free of all security bugs, but the whole class of bugs that in some way is caused by memory corruption is only possible through bugs in Firefox's JS engine SpiderMonkey. Of course it's much easier to just exploit them in JS directly then, so Shumway doesn't increase the surface attackable through bugs like that. |
|
|