| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200603280317.k2S3HJSx007918@turing-police.cc.vt.edu> Date: Tue Mar 28 04:17:30 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: EEYE: Temporary workaround for IE createTextRange vulnerab On Mon, 27 Mar 2006 20:43:41 CST, s89df987 s9f87s987f said: > no work around is needed, there has been a solution all along.. > one word.. firefox It may be "one word" to you, but it can be a very expensive solution for a company. Somebody has to deploy firefox on the desktops (a pain in the butt even if you *do* use a Windows GPO to push it - something odd will go wrong with some of the boxes, requiring support). Somebody has to make sure that *all* the bookmarks and configuration settings migrated correctly, and to help the users who have issues. Somebody has to handle all the odd support calls that converting to Firefox will cause. For instance, what happens in Firefox if you change the value of network.cookie.lifetimePolicy from 1 to 3? Somebody gets to retrain all the users who memorized things by rote. If 'print' moves from the 3rd entry on the second from the left menu to the 7th entry on the leftmost menu, that will ruin their day. All this stuff adds up. And then of course, what is your solution when the inevitable (there's been several already) security issue in Firefox comes out? Everybody swap back to IE? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 228 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060327/a4277792/attachment.bin
Powered by blists - more mailing lists