Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Two MSIE 6.0/7.0 NULL pointer crashes
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 20 Jan 2010 22:19:40 +0100

Microsoft response: Shrug, oh wait a minute does this vulnerability effect our bottom line?

OSS community response: We're on it, a fix will be available asap.

Testing takes time.  That's why both Microsoft and Mozilla test.  A
fix being *available* and a fix being *deployable* are not at all the
same things.  "Just pull the latest build from SVN" is rather
noticeably not an option.

"Any complicated and evolving piece of software will have security
vulnerabilities all the time." Quoted for truth.

More accurate:

"Any complicated piece of software on an active attack surface will
have software vulnerabilities found."

There's a lot of projects that stopped evolving, but still have hidden vulns.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]