Full Disclosure mailing list archives

Re: Mozilla Firefox "Host:" Buffer Overflow


From: Dave Aitel <dave () immunitysec com>
Date: Fri, 09 Sep 2005 11:53:09 -0400

Andrew R. Reiter wrote:

On Fri, 9 Sep 2005, Dave Aitel wrote:

:It's not consideration to hide the actual risk from users of the product.
:That's just Microsoft hogwash.
:
:Right now, everyone knows they are at risk, and what to do about it - we can
:stop using Firefox if we think it's a high enough risk vulnerability to do so.
:This is definitely better than just being in the dark for another week or so
:until they get the patch done.
:
:-dave

What about all those poor moms and dads who were encouraged to use Firefox but have 0 clue as to what the heck Full-Disclosure is? Seems to me your idea of "everyone" is misguided.

Cheers,

:

They can all now be helped by their more technically inclined family members. This isn't an option in vendor-monopoly disclosure models, where you just have to pray that only the vendor and a few other people know about the bug, and they're not bothering to exploit your poor mom or dad (or yourself).

They're probably still better off using Firefox, of course, just not completely immune. Which you already assumed, right?

-dave
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

