[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

To: guninski@xxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
From: Aviv Raff <avivra@xxxxxxxxx>
Date: Sun, 11 Sep 2005 15:13:41 -0700

> my mozilla bugs are wide open in bugzilla.
> afaik her m4j3sty mitchell's bounties does not require silence.
 Sorry, but security issues involved in the bug-bounty program are not 
publicly available until the patch is released. And even then Mozilla team 
sometimes waits few more weeks (e.g. 
http://www.mozilla.org/security/announce/mfsa2005-56.html) before they give 
access to everyone.
 I guess you need to read the bug-bounty guidelines again:
http://www.mozilla.org/security/bug-bounty.html
"...be sure to check the box near the bottom of the entry form that marks 
this bug report as confidential..."
 Aviv.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
  - From: Daniel Veditz

References:
- Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
  - From: Aviv Raff

Prev by Date: Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
Next by Date: [Full-disclosure] Forensic help?
Previous by thread: Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
Next by thread: Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
Index(es):
- Date
- Thread