Full Disclosure mailing list archives
Re: FIREFOX flaws: nested array sort() loop Stack overflow exception
From: Jose Nazario <jose () monkey org>
Date: Fri, 26 Nov 2004 14:45:22 -0500 (EST)
On Thu, 25 Nov 2004, Heikki Toivonen wrote:
3. Either login if you already have an account, or click "create new account". Let's assume we need to create a new account... 4. Type in a valid email address and click "Create Account" 5. [mail] Read email that was sent to the address to get password 6. back on in the browser, click "log in here" 7. fill in your username and password and click "login"
[snip the rest of useful info on how to post good, healthy, actionable bug reports] requiring someone to register to post a bug is harmful in the sense that you wind up turning off peopl ewho simply can't be bothered to fill out that info or wish to remain anonymous. while i definitely see the benefit of forcing registration or even wanting it, i bet you'e losing more bug reports than you care to imagine this way. benefits of forcing/encouraging registration include: - garaunteed line of followup - reduced spam quantities in bugzilla - at leasta cutofof "i care enough to ..." still, you're losing more than you may expect. i know i've failed to file bug reports (non-security related) for mozilla products due to this "speed bump". the security@ route is useful, and i'm glad you pointed it out. this point should be considered by anyone who runs a bug reporting page for open submissions, you may be doing more harm than benefit. ________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://infosecdaily.net/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: To anybody who's offended by my disclosure policy, (continued)
- Re: To anybody who's offended by my disclosure policy kf_lists (Nov 27)
- Re: To anybody who's offended by my disclosure policy Gadi Evron (Nov 27)
- Re: To anybody who's offended by my disclosure policy kf_lists (Nov 27)
- Re: To anybody who's offended by my disclosure policy Gadi Evron (Nov 27)
- Re: To anybody who's offended by my disclosure policy JxT (Nov 27)
- Re: To anybody who's offended by my disclosure policy Gadi Evron (Nov 27)
- MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway Berend-Jan Wever (Nov 26)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Jose Nazario (Nov 27)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen (Nov 27)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception exon (Nov 29)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Esben Stien (Nov 29)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Daniel Veditz (Nov 29)