| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Mar 28 04:59:00 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: EEYE: Temporary workaround for IE createTextRange vulnerab On Tue, 28 Mar 2006 15:21:47 +1200, Jasper Bryant-Greene said: > One assumes that if the user is smart enough to type about:config, they > are smart enough to know where to look to find the meaning of the config > options. Good. I know all about about:config. So where is the documentation of network.cookie.lifetimePolicy? The top Google hits: http://kb.mozillazine.org/Network.cookie.lifetimePolicy http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html http://www.mozilla.org/projects/netlib/cookies/cookie-prefs.html Which of these are authoritative and refer to *your* release of Firefox? (hint - one of them references a Mozilla 1.7 bugzilla entry..). Oh, and the about:config doesn't show any help, and the onboard Help that ships with Deer Park doesn't seem to mention about:config at all... And anybody who starts off with "one assumes that if the user is smart enough" hasn't ever worked in User Support. First off, the user may be smart enough to *think* he knows what it means. And the user may in fact be smart enough to know what it means. But the user is *sure* *as* *hell* not smart enough to figure out that the change hosed up the setting of cookies, and that's why his printouts are now ending up on the wrong building. (And yes, there's applications that do crap like that. Deal with it. Or get a new job. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 228 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060327/c31d3aca/attachment.bin
Powered by blists - more mailing lists