Full Disclosure mailing list archives

Re: Mozilla Firefox "Host:" Buffer Overflow


From: "Andrew R. Reiter" <arr () watson org>
Date: Fri, 9 Sep 2005 11:56:14 -0400 (EDT)

On Fri, 9 Sep 2005, Dave Aitel wrote:

:Andrew R. Reiter wrote:
:
:> On Fri, 9 Sep 2005, Dave Aitel wrote:
:> 
:> :It's not consideration to hide the actual risk from users of the product.
:> :That's just Microsoft hogwash.
:> :
:> :Right now, everyone knows they are at risk, and what to do about it - we can
:> :stop using Firefox if we think it's a high enough risk vulnerability to do so.
:> :This is definitely better than just being in the dark for another week or so
:> :until they get the patch done.
:> :
:> :-dave
:> 
:> What about all those poor moms and dads who were encouraged to use Firefox
:> but have 0 clue as to what the heck Full-Disclosure is?  Seems to me your
:> idea of "everyone" is misguided.
:> 
:> Cheers,
:> 
:> :
:> 
:They can all now be helped by their more technically inclined family members.
:This isn't an option in vendor-monopoly disclosure models, where you just have
:to pray that only the vendor and a few other people know about the bug, and
:they're not bothering to exploit your poor mom or dad (or yourself).
:

True.. debatable, so I can't fully disagree with you.


:They're probably still better off using Firefox, of course, just not completely
:immune. Which you already assumed, right?

I love assumptions .. of course I love pain too :P  engineering pain.

:
:-dave
:
:

-------------------------------------------------------------
  "Natural bridges on a clean west swell,
     Break over the reef like a bat out of hell." -- Sublime.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

