
Exploiting programming errors in the browser is one way.

Because browsers are written in very unsafe programming languages (C++), bugs are regularly exploitable so that by specially crafting the bug-triggering input data they can be fooled to scribble content-controlled data inside the browser's memory space. For example, a memory handling bug might let the page overwrite some of the browser's code with data coming from the web page.

This lets the web page break into your computer, running arbitrary code of its choosing on your box.

Browser plugins can be similarly targeted instead of the browser itself.
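
The kind of memory handling bug described in the comment above, as an added example that is not part of the original thread and not taken from any browser's code. It is a constructed C model: a flat arena stands in for adjacent memory, and every name in it (`arena`, `store_unchecked`, `store_checked`, the handler values) is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed model: bytes 0..15 hold page-supplied data, byte 16 selects
   the handler the program runs next. The arena keeps the demo well-defined. */
enum { BUF_LEN = 16, HANDLER_OFF = 16, ARENA_LEN = 32 };
enum { HANDLER_RENDER = 1 };

struct arena { unsigned char mem[ARENA_LEN]; };

static void arena_init(struct arena *a) {
    memset(a->mem, 0, ARENA_LEN);
    a->mem[HANDLER_OFF] = HANDLER_RENDER;
}

/* Unsafe pattern: trusts the length supplied with the input, so data longer
   than BUF_LEN spills into the handler byte. (Clamped to the arena only so
   that this demonstration never writes outside its own object.) */
static void store_unchecked(struct arena *a, const unsigned char *in, size_t n) {
    if (n > ARENA_LEN) n = ARENA_LEN;
    memcpy(a->mem, in, n);
}

/* Hardened form: reject input that does not fit the destination buffer. */
static int store_checked(struct arena *a, const unsigned char *in, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(a->mem, in, n);
    return 0;
}

/* Return the handler byte after storing the input with each routine. */
static int handler_after_unchecked(const unsigned char *in, size_t n) {
    struct arena a; arena_init(&a);
    store_unchecked(&a, in, n);
    return a.mem[HANDLER_OFF];
}
static int handler_after_checked(const unsigned char *in, size_t n, int *rc) {
    struct arena a; arena_init(&a);
    *rc = store_checked(&a, in, n);
    return a.mem[HANDLER_OFF];
}

int main(void) {
    unsigned char input[17]; /* constructed: 17 bytes for a 16-byte buffer */
    int rc;
    memset(input, 0x41, sizeof input);
    printf("unchecked: handler=%d\n", handler_after_unchecked(input, sizeof input));
    printf("checked: handler=%d rc=%d\n", handler_after_checked(input, sizeof input, &rc), rc);
    return 0;
}
```

In a memory-safe language the out-of-range write is refused by the runtime or compiler, which is the same outcome `store_checked` enforces by hand here.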



While some of the vectors you've mentioned could potentially be exploitable, blaming a "very unsafe programming language" isn't really a good explanation. These issues could occur in any program and any programming language -- it's not a problem specific to C languages.


No, they couldn't occur in "any programming language". In fact there aren't other memory unsafe languages in wide use than C/C++.

And it's not a "potentially" thing, as is apparent to anyone following news about browser vulnerabilities. For a recent public performance, see pwn2own - http://nakedsecurity.sophos.com/2014/03/14/pwn2own-day-two-c...


Most(?) browser vulnerabilities are caused by errors in C++ code which would not be exploitable in memory safe languages. One of the goals of Mozilla's Servo is to write a browser that's memory safe without compromising performance.


I think Servo's "safety" is ultimately due to the fact that it's built on Rust. Rust, however, seems to be ultimately built on C, unless I'm mistaken (having a hard time telling by briefly glancing through their GitHub, but it looks that way).

My point was that it's not a C specific problem, though. Most browsers are in fact built on C, I agree. This is due primarily to the speed and performance of the language that is harder to reach with other languages.

It is definitely a more difficult language to write, as it is much more "raw," but that doesn't make it inherently unsafe to use, or any more unsafe than other languages.


Care to comment, downvoters? If you're voting because of my Rust comment, maybe read the part where I said "not sure, haven't read much about it."

If you vote because you think C is unsafe, carry on. You're wrong, though.


Rust is self-hosted, so the compiler's written in Rust.



