Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: browser document.cookie DoS vulnerability
From: Murray McAllister <mmcallis () redhat com>
Date: Mon, 14 Oct 2013 18:06:16 +1100

On 10/12/2013 03:32 PM, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/11/2013 11:34 AM, Joel Weinberger wrote:
Hi there. Yes, we do CVEs, but in this case, we consider this very
low severity and will not be creating a CVE for it. Sorry for the
delayed response for it! --Joel

So to confirm you are saying this is NOT a security issue in any way
shape or form? I find this odd because DoS's in web browsers are often
considered CVE worthy. Is there something in this issue that prevent
exploitation/etc? If not then it deserves a CVE even if it is a "low"
issue.

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

I don't think web browser dos's are suppose to be CVE worthy. Our (Red Hat) advisories for Firefox and Thunderbird mention "crash...", but they probably should not (my fault, sorry ;)).

Adding Huzaifa to Cc.

--
Murray McAllister / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault