Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Mozilla Firefox "Host:" Buffer Overflow

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 10 Sep 2005 13:30:42 -0400
And how exactly do you propose to "leave out the details and PoC" when the

presence of the bug and the steps taken to fix it can not be concelaed from
public view given that the source code and the entire CVS entries are freely
available for anyone to browse?

You really don't think it woudl slow them down?


The proposal for obscurity serves well closed-source innitiatives and

development processes that have limited or no public visibility but it fails
in the presence of OSS. The "responsible disclosure" advocates act as if
Linux,*BSD,Mozilla and a zillion other open source projects did not exist in
reality.

The Mozilla team obviously disagrees with you, since they do try to hide
unresolved security problems, at least until (as in this case) the beans get
spilled in some other way.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: