Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow
- To: Dave Aitel <dave@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow
- From: "Andrew R. Reiter" <arr@xxxxxxxxxx>
- Date: Fri, 9 Sep 2005 11:56:14 -0400 (EDT)
On Fri, 9 Sep 2005, Dave Aitel wrote:
:Andrew R. Reiter wrote:
:
:> On Fri, 9 Sep 2005, Dave Aitel wrote:
:>
:> :It's not consideration to hide the actual risk from users of the product.
:> :That's just Microsoft hogwash.
:> :
:> :Right now, everyone knows they are at risk, and what to do about it - we can
:> :stop using Firefox if we think it's a high enough risk vulnerability to do so.
:> :This is definitely better than just being in the dark for another week or so
:> :until they get the patch done.
:> :
:> :-dave
:>
:> What about all those poor moms and dads who were encouraged to use Firefox
:> but have 0 clue as to what the heck Full-Disclosure is? Seems to me your
:> idea of "everyone" is misguided.
:>
:> Cheers,
:>
:> :
:>
:They can all now be helped by their more technically inclined family members.
:This isn't an option in vendor-monopoly disclosure models, where you just have
:to pray that only the vendor and a few other people know about the bug, and
:they're not bothering to exploit your poor mom or dad (or yourself).
:
True.. debatable, so I can't fully disagree with you.
:They're probably still better off using Firefox, of course, just not completely
:immune. Which you already assumed, right?
I love assumptions .. of course I love pain too :P engineering pain.
:
:-dave
:
:
-------------------------------------------------------------
"Natural bridges on a clean west swell,
Break over the reef like a bat out of hell." -- Sublime.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/