Yet another loop that is able to build a complete and working attack!
Scripts like the following one are already known to be very harmful to web browsers, but even though everybody knows that, they are still a big problem for current web browsers.

via here

The presented vector uses the character “ā” to fill the buffer and the escape function to encode it! Again, it's amazing to find these kinds of bugs in 2008 browser technology... It's kind of cool.