I discovered arbitrary code execution holes in Firefox, Internet Explorer, and Opera that involve human reaction time. One version of the attack works like this: The page contains a captcha displaying the word “only” and asks you to type the word to verify that you are a human. As soon as you type ‘n’, the … Continue reading Race conditions in security dialogs