oss-sec mailing list archives
Re: Re: browser document.cookie DoS vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 11 Oct 2013 22:32:54 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/11/2013 11:34 AM, Joel Weinberger wrote:
Hi there. Yes, we do CVEs, but in this case, we consider this very low severity and will not be creating a CVE for it. Sorry for the delayed response for it! --Joel
So to confirm you are saying this is NOT a security issue in any way shape or form? I find this odd because DoS's in web browsers are often considered CVE worthy. Is there something in this issue that prevent exploitation/etc? If not then it deserves a CVE even if it is a "low" issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSWND2AAoJEBYNRVNeJnmToBMP/3wdilLPfV39Wm2h0fasOxUB ZiN1tWvslIxWsksFeO9xEQjS/MgNG6GfGoNpFt7uTl4NSb8ZQgkl7GWTGPJIyFnZ 7bpqRjdjxlKTqH68FW0vSCKCTZYt1o1DVv2ownmHogIsPfj7nbPYNZDYGB5bHsWy TLBsJIPqyHbFX0Purqnw+QD7xXa3GnccAm58tzc2bxhKA/6t42+U0K/XFA8j+Jtm TGQ3yOCCk6C+gDpl0N+WnjBSaMJmZ75XXlelWShQLLsK+KRovLfQpKumIaUKa7oR Cq/61CN3Q0pTmkaHKwweVWgpFMZPCZJqY4Ddcej4zSSc5WaQJ9KgpABi0bXr1nDy VAaYDBMkZ5LX1hcguE+V9J583xUvQdN2N3jy60+OBl3R4Thwzd3kofejaarausfd N6RleZvVR+140KeG69HQ4CWmKkIatug+Y4N455xj/SHgdLTgJEmuu7GNIAMQePXH OTuUjAhAfwahYpi+hwVTejYSlfcN4PS1MaMZOFIh09KoxXZYXV6LpbRJJP0j0ssb n0oHk9uSRD6PDgU8UKfrAodcbdnd4Y31AP7G7hv0XUU1odPqK8D37eKqbr4KRCAj RGuaP1jbRHqLE1UmTZg7g3/KfVk3QwGlZqXD676W8cOsDAGmRnnQm2y8K1dBTArZ t/zfJi5xo298Cps0booP =6DTV -----END PGP SIGNATURE-----
Current thread:
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 10)
- Re: Re: browser document.cookie DoS vulnerability aaron guzman (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Joel Weinberger (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Murray McAllister (Oct 14)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 15)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 15)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 16)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 17)
- Re: browser document.cookie DoS vulnerability Mozilla Security (Oct 17)