mailing list archives
Re: Two MSIE 6.0/7.0 NULL pointer crashes
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 20 Jan 2010 22:19:40 +0100
Microsoft response: Shrug, oh wait a minute does this vulnerability effect our bottom line?
OSS community response: We're on it, a fix will be available asap.
Testing takes time. That's why both Microsoft and Mozilla test. A
fix being *available* and a fix being *deployable* are not at all the
same things. "Just pull the latest build from SVN" is rather
noticeably not an option.
"Any complicated and evolving piece of software will have security
vulnerabilities all the time." Quoted for truth.
"Any complicated piece of software on an active attack surface will
have software vulnerabilities found."
There's a lot of projects that stopped evolving, but still have hidden vulns.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Two MSIE 6.0/7.0 NULL pointer crashes mrx (Jan 20)
Re: Two MSIE 6.0/7.0 NULL pointer crashes Yigit Turgut (Jan 20)