Full Disclosure mailing list archives
Re: MSIE (mshtml.dll) OBJECT tag vulnerability
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Thu, 27 Apr 2006 19:19:14 -0400
On 4/27/06, Michal Zalewski <lcamtuf () dione ids pl> wrote:
Why didn't I even try, you say? Past experiences of numerous researchers aside, consider this: Microsoft takes 3-6 months to fix critical but non-public vulnerabilities in their flagship software (some of these flaws must've been independently discovered by the rogues, hence putting customers at great risk, or at best taking chances). This is not a reasonable timeframe, compared to industry averages. Yet, they only take 2-4 weeks to fix publicly disclosed bugs - thus making software safer, sooner.
Please note that I ask this out of curiousity, and not in an attempt to be critical. Why not give MSRC a head start of one week? Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability, (continued)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability bruen (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Pedro Hugo (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability str0ke (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability poo (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Pedro Hugo (Apr 27)
- Re[2]: MSIE (mshtml.dll) OBJECT tag vulnerability Thierry Zoller (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability bruen (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Tim Bilbro (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Brian Eaton (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Peter Besenbruch (Apr 28)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Chris Eagle (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Sol Invictus (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Valdis . Kletnieks (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Tim (Apr 27)