lists.openwall.net
Open Source and information security mailing list archives
 
Date: Fri Sep  9 16:56:40 2005
From: arr at watson.org (Andrew R. Reiter)
Subject: Mozilla Firefox "Host:" Buffer Overflow

On Fri, 9 Sep 2005, Dave Aitel wrote:

:Andrew R. Reiter wrote:
:
:> On Fri, 9 Sep 2005, Dave Aitel wrote:
:> 
:> :It's not consideration to hide the actual risk from users of the product.
:> :That's just Microsoft hogwash.
:> :
:> :Right now, everyone knows they are at risk, and what to do about it - we can
:> :stop using Firefox if we think it's a high enough risk vulnerability to do
:> :so.
:> :This is definitely better than just being in the dark for another week or so
:> :until they get the patch done.
:> :
:> :-dave
:> 
:> What about all those poor moms and dads who were encouraged to use Firefox
:> but have 0 clue as to what the heck Full-Disclosure is?  Seems to me your
:> idea of "everyone" is misguided.
:> 
:> Cheers,
:> 
:> :
:> 
:They can all now be helped by their more technically inclined family members.
:This isn't an option in vendor-monopoly disclosure models, where you just have
:to pray that only the vendor and a few other people know about the bug, and
:they're not bothering to exploit your poor mom or dad (or yourself).
:

True.. debatable, so I can't fully disagree with you.


:They're probably still better off using Firefox, of course, just not completely
:immune. Which you already assumed, right?

I love assumptions .. of course I love pain too :P  engineering pain.

:
:-dave
:
:

-------------------------------------------------------------
  "Natural bridges on a clean west swell,
     Break over the reef like a bat out of hell." -- Sublime.
