Hacker News new | past | comments | ask | show | jobs | submit login

The part about reference counting in the DOM is poorly researched BS.

First, none of the P0 reported exploits attacked the DOM. The WebKit bugs were all JSC and none of them had anything to do with reference counting. One of them was a garbage collection bug.

Second, WebKit’s DOM has a powerful use-after-free protection called isoheaps. Isoheaps mean that virtual memory is never reused between types, which neutralizes the UaF->typeconfusion vector. This is a better protection for the DOM than a garbage collector since garbage collectors are more likely to have bugs than isoheaps.

I think that comparing browser security so hard. Maybe too hard for this Andy Greenberg person.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact