Full Disclosure mailing list archives
Re: Mozilla Firefox "Host:" Buffer Overflow Exploit
From: Daniel Veditz <dveditz () cruzio com>
Date: Tue, 13 Sep 2005 00:29:13 -0700
Aviv Raff wrote:
> my mozilla bugs are wide open in bugzilla. > afaik her m4j3sty mitchell's bounties does not require silence.I guess you need to read the bug-bounty guidelines again:http://www.mozilla.org/security/bug-bounty.html"...be sure to check the box near the bottom of the entry form that marks this bug report as confidential..."
That's our preferred process, but the quote above is not from the section containing the bounty criteria. See also
http://www.mozilla.org/security/bug-bounty-faq.html#nondisclosureIn addition to hiding the bug, checking the confidential flag causes mail to be sent and the bug to show up in certain queries to help keep security issues from getting lost in the deluge of incoming bug reports.
-Dan Veditz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mozilla Firefox "Host:" Buffer Overflow Exploit Berend-Jan Wever (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Przemyslaw Frasunek (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Paul (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Steve Friedl (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- <Possible follow-ups>
- RE: Mozilla Firefox "Host:" Buffer Overflow Exploit Peter Kruse (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Aviv Raff (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Aviv Raff (Sep 11)
- Message not available
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Ill will (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Daniel Veditz (Sep 13)
- RE: Mozilla Firefox "Host:" Buffer Overflow Exploit Larry Seltzer (Sep 14)