Full Disclosure mailing list archives
Re: Apple Safari ... DoS Vulnerability
From: Thierry Zoller <Thierry () Zoller lu>
Date: Thu, 26 Feb 2009 18:09:30 +0100
Dear Michael, I understand your point, however consider that your examples are showing the different *impacts* of a DoS condition. A bug becomes a security problem once it violates at least one of the three letters C or I or A. That's the point. The impact and risk assesement is to be done later on and can only be done partialy by a vendor since the use of the affected products sometimes heavily depends on the implementation or use case. MK> I would suggest that DoS conditions are not a priori security issues, but it MK> certainly depends on the context and whether security has or could have an MK> *interest* in them. This is not to be measured or estimated completely by a vendor but the client/user/integrator of said products in their specific enviroment and use and abuse cases. For example Internet Kiosk vendors. -- http://secdev.zoller.lu Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apple Safari ... DoS Vulnerability Michael Krymson (Feb 26)
- Re: Apple Safari ... DoS Vulnerability Thierry Zoller (Feb 26)
- Re: Apple Safari ... DoS Vulnerability Michal Zalewski (Feb 26)
- <Possible follow-ups>
- Re: Apple Safari ... DoS Vulnerability Thierry Zoller (Feb 27)
- Re: Apple Safari ... DoS Vulnerability J. Oquendo (Feb 27)
- Re: Apple Safari ... DoS Vulnerability Michal Zalewski (Feb 27)
- Re: Apple Safari ... DoS Vulnerability Jeremy Brown (Feb 27)
- Re: Apple Safari ... DoS Vulnerability Valdis . Kletnieks (Feb 27)
- Re: Apple Safari ... DoS Vulnerability Michal Zalewski (Feb 27)
- Re: Apple Safari ... DoS Vulnerability J. Oquendo (Feb 27)