Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: EEYE: Temporary workaround for IE createTextRange vulnerab

From: Jasper Bryant-Greene <jasper () album co nz>
Date: Tue, 28 Mar 2006 15:21:47 +1200
Valdis.Kletnieks () vt edu wrote:

On Mon, 27 Mar 2006 20:43:41 CST, s89df987 s9f87s987f said:


no work around is needed, there has been a solution all along..
one word.. firefox



It may be "one word" to you, but it can be a very expensive solution
for a company.

[snip]

Somebody has to handle all the odd support calls that converting to Firefox
will cause.  For instance, what happens in Firefox if you change the value of
network.cookie.lifetimePolicy from 1 to 3?
One assumes that if the user is smart enough to type about:config, they are smart enough to know where to look to find the meaning of the config options. 

If not, they are beyond help anyway...

[snip]

All this stuff adds up.  And then of course, what is your solution when the
inevitable (there's been several already) security issue in Firefox comes out?
Everybody swap back to IE?
No, wait for the fix that will likely be pushed out within a matter of hours, rather waiting weeks while your computer is vulnerable as in the case of IE. 

Jasper

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: