Vulnerability Development mailing list archives
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
From: exon <exon () home se>
Date: Mon, 29 Nov 2004 10:24:24 +0100
Jose Nazario wrote:
On Thu, 25 Nov 2004, Heikki Toivonen wrote:3. Either login if you already have an account, or click "create new account". Let's assume we need to create a new account... 4. Type in a valid email address and click "Create Account" 5. [mail] Read email that was sent to the address to get password 6. back on in the browser, click "log in here" 7. fill in your username and password and click "login"[snip the rest of useful info on how to post good, healthy, actionable bug reports] requiring someone to register to post a bug is harmful in the sense that you wind up turning off peopl ewho simply can't be bothered to fill out that info or wish to remain anonymous.
Hence the security () mozilla org address.If you are anxious to get the bug fixed you have the option of filling out the form and thereby making yourself available for further questions, getting email with bug updates and the ability to submit coredumps and whatnot.
If you're not so anxious you can simply send in an email and be content with having let them know about it. Firefox still has the benefit of running on a multitude of platforms and architectures. Someone trying to exploit a vulnerability in it (as opposed to just crashing it) would have to know both to be successful.
while i definitely see the benefit of forcing registration or even wanting it, i bet you'e losing more bug reports than you care to imagine this way.
Perhaps the problem lies in the fact that the mozilla coders want people to use the forum so they don't promote the security () mozilla org mail address enough?
benefits of forcing/encouraging registration include:
- garaunteed line of followup
- reduced spam quantities in bugzilla
- at leasta cutofof "i care enough to ..."
still, you're losing more than you may expect. i know i've failed to file
bug reports (non-security related) for mozilla products due to this "speed
bump". the security@ route is useful, and i'm glad you pointed it out.
this point should be considered by anyone who runs a bug reporting page
for open submissions, you may be doing more harm than benefit.
Current thread:
- FIREFOX flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever (Nov 25)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception James Tait (Nov 27)
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen (Nov 28)
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Jose Nazario (Nov 28)
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen (Nov 29)
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception exon (Nov 29)
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Jose Nazario (Nov 28)