Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerability
From: S G Masood <sgmasood () yahoo com>
Date: Wed, 10 Dec 2003 05:44:35 -0800 (PST)
--- Feher Tamas <etomcat () freemail hu> wrote:
Hello,don't start a disclosure - non disclosure threadagain and againand again please...This is about responsible and non-responsible disclosure, which is at the heart of security research. As long as you have no proof that the bug is being maliciously exploited in the wild, you need to give time for the sw vendor to react and patch.
If you are talking about a generic ethic, I sincerely agree. Slight deviations on this concept might apply depending on the vendor's track record and the vulnerability(I am not talking about MS alone). However, unfortunately, if you are familiar with the pattern in which MS handled the previous unpatched IE vulns, this looks like one of those IE vulns. that MS *WONT* patch. Nevertheless, putting the general public at such high risk is never a wise idea. -- S.G.Masood
What Zap the Dingbat has done will not earn him a bust in the hall of fame for security research. Sincerely: Tamas Feher. _______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Internet Explorer URL parsing vulnerability, (continued)
- Re: Re: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Gregory A. Gilliss (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Michael Gale (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability Kristian Hermansen (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability Karlis Zigurs (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 11)
- RE: RE: FWD: Internet Explorer URL parsing vulnerability Rainer Gerhards (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability John Sage (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Daniel H. Renner (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)