Full Disclosure mailing list archives
Re: Two MSIE 6.0/7.0 NULL pointer crashes
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 20 Jan 2010 22:19:40 +0100
Microsoft response: Shrug, oh wait a minute does this vulnerability effect our bottom line? OSS community response: We're on it, a fix will be available asap.
Testing takes time. That's why both Microsoft and Mozilla test. A fix being *available* and a fix being *deployable* are not at all the same things. "Just pull the latest build from SVN" is rather noticeably not an option.
"Any complicated and evolving piece of software will have security vulnerabilities all the time." Quoted for truth.
More accurate: "Any complicated piece of software on an active attack surface will have software vulnerabilities found." There's a lot of projects that stopped evolving, but still have hidden vulns. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Two MSIE 6.0/7.0 NULL pointer crashes, (continued)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Michael Holstein (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Chris Evans (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes ☣ frank^2 (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Rohit Patnaik (Jan 21)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Jeffrey Walton (Jan 22)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Valdis . Kletnieks (Jan 23)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Christian Sciberras (Jan 23)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes dramacrat (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Jeffrey Walton (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Dan Kaminsky (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Michal Zalewski (Jan 20)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes mrx (Jan 21)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Dan Kaminsky (Jan 21)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Christian Sciberras (Jan 21)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Jeffrey Walton (Jan 21)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Pavel Kankovsky (Jan 23)
- Re: Two MSIE 6.0/7.0 NULL pointer crashes Dan Kaminsky (Jan 23)