1. By Adam Barth, Joel Weinberger and Dawn Song

2.  Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

6.  The DOM provides an access control layer  The JavaScript engine treats objects as capabilities

7.  Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

12.  Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

14.  In the JavaScript Engine object system  Object creation, destruction and reference  Calls into analysis library

16.  Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

18.  Heap Graph Analysis can be used to find vulnerabilities in web browser  Web Browser can provide mechanism to eliminate these vulnerabilities  Heap Graph Tool and Access Control Prototype for WebKit: