| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Mar 28 04:22:06 2006 From: jasper at album.co.nz (Jasper Bryant-Greene) Subject: EEYE: Temporary workaround for IE createTextRange vulnerab Valdis.Kletnieks@...edu wrote: > On Mon, 27 Mar 2006 20:43:41 CST, s89df987 s9f87s987f said: > >>no work around is needed, there has been a solution all along.. >>one word.. firefox > > > It may be "one word" to you, but it can be a very expensive solution > for a company. [snip] > Somebody has to handle all the odd support calls that converting to Firefox > will cause. For instance, what happens in Firefox if you change the value of > network.cookie.lifetimePolicy from 1 to 3? One assumes that if the user is smart enough to type about:config, they are smart enough to know where to look to find the meaning of the config options. If not, they are beyond help anyway... [snip] > All this stuff adds up. And then of course, what is your solution when the > inevitable (there's been several already) security issue in Firefox comes out? > Everybody swap back to IE? No, wait for the fix that will likely be pushed out within a matter of hours, rather waiting weeks while your computer is vulnerable as in the case of IE. Jasper
Powered by blists - more mailing lists