oss-sec mailing list archives
Re: Re: browser document.cookie DoS vulnerability
From: Murray McAllister <mmcallis () redhat com>
Date: Mon, 14 Oct 2013 18:06:16 +1100
On 10/12/2013 03:32 PM, Kurt Seifried wrote:
> On 10/11/2013 11:34 AM, Joel Weinberger wrote:
>> Hi there. Yes, we do CVEs, but in this case, we consider this very low severity and will not be creating a CVE for it. Sorry for the delayed response for it!
>> --Joel
>
> So to confirm you are saying this is NOT a security issue in any way shape or form? I find this odd because DoS's in web browsers are often considered CVE worthy. Is there something in this issue that prevents exploitation/etc? If not then it deserves a CVE even if it is a "low" issue.
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

I don't think web browser DoS's are supposed to be CVE worthy. Our (Red Hat) advisories for Firefox and Thunderbird mention "crash...", but they probably should not (my fault, sorry ;)).

Adding Huzaifa to Cc.

--
Murray McAllister / Red Hat Security Response Team