Full Disclosure mailing list archives
Re: Is Mozilla's "patch" enough?
From: Aviv Raff <avivra () gmail com>
Date: Mon, 12 Jul 2004 18:45:30 +0200
If you don't have anything to say but flaming, why do you pollute the list too?

Security patches shouldn't be overridden unless intended to (i.e. uninstalled). If an attacker can override the patch by a simple line of settings in a configuration file (aka user.js) and the user cannot change these settings by simply applying the patch again, or manually changing it via the about:config interface, it is wrong. Most of the users don't know how to use the preferences files, or even know they exist. Moreover, user.js doesn't exist by default.

On Mon, 12 Jul 2004 18:42:07 +0300, Georgi Guninski <guninski () guninski com> wrote:
> On Mon, Jul 12, 2004 at 05:23:29PM +0300, Aviv Raff wrote:
> > I understand that if an attacker has the ability to change the user.js file he can do worse things, but why should there be a way to override security patches without uninstalling them?
>
> if you understand your dumbness why do you continue to pollute the list?
>
> updated builds for the so called "os" are available at mozilla.org - go get them.
>
> there are a lot of ways to override security patches without uninstalling them
>
> georgi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html