mailing list archives
Re: MSIE (mshtml.dll) OBJECT tag vulnerability
From: Peter Besenbruch <prb () lava net>
Date: Fri, 28 Apr 2006 06:36:01 -1000
On Thu, 27 Apr 2006, Brian Eaton wrote:
Please note that I ask this out of curiousity, and not in an attempt to
be critical. Why not give MSRC a head start of one week?
Michal Zalewski wrote:
Because, among other things I've already mentioned, it will in no way
affect when they're going to release a patch. Their official policy is to
stick to a weird schedule.
Unfortunately, given Microsoft's recent behavior, Michal's right.
Further, I too have seen the data showing much faster response times
when Microsoft is blindsided. The only question that remains is whether
some inherent sense of fairness on the part of the reporter dictates
notifying the vendor first, even though it likely won't do any good.
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: MSIE (mshtml.dll) OBJECT tag vulnerability meta security (Apr 27)
RE: MSIE (mshtml.dll) OBJECT tag vulnerability Tim Bilbro (Apr 27)
Re: MSIE (mshtml.dll) OBJECT tag vulnerability 0x80 (Apr 28)