[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri Sep 9 16:56:40 2005
From: arr at watson.org (Andrew R. Reiter)
Subject: Mozilla Firefox "Host:" Buffer Overflow
On Fri, 9 Sep 2005, Dave Aitel wrote:
:Andrew R. Reiter wrote:
:
:> On Fri, 9 Sep 2005, Dave Aitel wrote:
:>
:> :It's not consideration to hide the actual risk from users of the product.
:> :That's just Microsoft hogwash.
:> :
:> :Right now, everyone knows they are at risk, and what to do about it - we can
:> :stop using Firefox if we think it's a high enough risk vulnerability to do
:> so.
:> :This is definately better than just being in the dark for another week or so
:> :until they get the patch done.
:> :
:> :-dave
:>
:> What about all those poor mom's and dad's who were encouraged to use Firefox
:> but have 0 clue as to what the heck Full-Disclosure is? Seems to me your
:> idea of "everyone" is misguided.
:>
:> Cheers,
:>
:> :
:>
:They can all now be helped by their more technically inclined family members.
:This isn't an option in vendor-monopoly disclosure models, where you just have
:to pray that only the vendor and a few other people know about the bug, and
:they're not bothering to exploit your poor mom or dad (or yourself).
:
True.. debatable, so I can't fully disagree with you.
:They're probably still better off using Firefox, of course, just not completely
:immune. Which you already assumed, right?
I love assumptions .. of course I love pain too :P engineering pain.
:
:-dave
:
:
-------------------------------------------------------------
"Natural bridges on a clean west swell,
Break over the reef like a bat of out hell." -- Sublime.
Powered by blists - more mailing lists