lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: hjtoi at comcast.net (Heikki Toivonen)
Subject: Browser bugs [DoS] ... where will you draw
 a line?

bipin gautam wrote:
> Browser bugs [DoS] ... where will you draw a line?

Browser DoS bugs don't get high priority because they are so easy to 
avoid. For example, if you go to a website that crashes your browser, 
hangs it, or launches 10,000 popup windows you can simply kill the 
browser and never go to that site again. Annoying, yes, but that's about it.

DoS bugs that cause permanent damage are treated differently, of course. 
For example, I could imagine a bug that would corrupt some critical file 
and the browser would no longer start. Those bugs would be fixed fast, 
like traditional security vulnerabilities.

-- 
   Heikki Toivonen


Powered by blists - more mailing lists