Message-ID: <4321AFE5.40600@immunitysec.com>
Date: Fri Sep 9 16:53:19 2005
From: dave at immunitysec.com (Dave Aitel)
Subject: Mozilla Firefox "Host:" Buffer Overflow
Andrew R. Reiter wrote:
>On Fri, 9 Sep 2005, Dave Aitel wrote:
>
>:It's not consideration to hide the actual risk from users of the product.
>:That's just Microsoft hogwash.
>:
>:Right now, everyone knows they are at risk, and what to do about it - we can
>:stop using Firefox if we think it's a high enough risk vulnerability to do so.
>:This is definitely better than just being in the dark for another week or so
>:until they get the patch done.
>:
>:-dave
>
>What about all those poor moms and dads who were encouraged to use
>Firefox but have 0 clue as to what the heck Full-Disclosure is? Seems to
>me your idea of "everyone" is misguided.
>
>Cheers,
>
>:
>
They can all now be helped by their more technically inclined family
members. This isn't an option in vendor-monopoly disclosure models,
where you just have to pray that only the vendor and a few other people
know about the bug, and they're not bothering to exploit your poor mom
or dad (or yourself).
They're probably still better off using Firefox, of course, just not
completely immune. Which you already assumed, right?
-dave