|
Full Disclosure
mailing list archives
Re: Mozilla Firefox "Host:" Buffer Overflow
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 09 Sep 2005 11:53:09 -0400
Andrew R. Reiter wrote:
On Fri, 9 Sep 2005, Dave Aitel wrote:
:It's not consideration to hide the actual risk from users of the product.
:That's just Microsoft hogwash.
:
:Right now, everyone knows they are at risk, and what to do about it - we can
:stop using Firefox if we think it's a high enough risk vulnerability to do so.
:This is definately better than just being in the dark for another week or so
:until they get the patch done.
:
:-dave
What about all those poor mom's and dad's who were encouraged to use
Firefox but have 0 clue as to what the heck Full-Disclosure is? Seems to
me your idea of "everyone" is misguided.
Cheers,
:
They can all now be helped by their more technically inclined family
members. This isn't an option in vendor-monopoly disclosure models,
where you just have to pray that only the vendor and a few other people
know about the bug, and they're not bothering to exploit your poor mom
or dad (or yourself).
They're probably still better off using Firefox, of course, just not
completely immune. Which you already assumed, right?
-dave
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Mozilla Firefox "Host:" Buffer Overflow Jerome Athias (Sep 09)
Re: Mozilla Firefox "Host:" Buffer Overflow ipatches (Sep 09)
|
Intro
