Full Disclosure mailing list archives

Re: OT: Firefox question / poll


From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 22 Dec 2011 10:48:43 -0500

On Tue, Dec 20, 2011 at 7:00 PM, coderman <coderman () gmail com> wrote:

> On Tue, Dec 20, 2011 at 9:40 AM, Charles Morris <cmorris () cs odu edu> wrote:
>> I'm curious what everyone's opinion is on the following question...
>> esp. to any FF dev people on list:
>>
>> Do you think that the Firefox "warning: unresponsive script" is meant
>> as a security feature or a usability feature?
>
> anyone who said "security feature" is an idiot and/or not thinking clearly.
> your security is harmed by malicious script in milliseconds.
> this does nothing to protect you from anything.*
>
> it is purely a usability feature in response to shitty developers
> writing shitty webapps leading to excessively long script execution
> (which can thus be terminated if desired once this warning presents)
>
>
> * someone may say "availability is a security requirement!". true, but
> then a modem link to web 2.0 is a DoS, and there's simply no point
> going down that road...

Absolutely correct.  There's effectively an infinite number of temporary
DoS attacks against browsers.  They're fragile enough in this space that
"exploits" are *accidentally* stumbled upon by devs.