When are we going to take Rust parsing seriously? Firefox 117.0.1 (and also Chromium, which means all Electron apps) had to fix a libwebp buffer overflow that could lead to remote code execution, and now Firefox 118.0.1 (and also Chromium, which means all Electron apps) has to fix a libvpx buffer overflow that could lead to remote code execution _just two weeks later_. These are just two C libraries used by ALL browsers and many programs, handling remote input in an unsafe way!