Re: [Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability

On Fri, 17 Aug 2007, Pranay Kanwar wrote:

Frankly i now feel, that its not SecNiche's fault entirely, it has got a
lot of encouragement from its past invalid and absurd claims.

Such as

_JWIG Context Dependent Template Calling Denial of Service Vulnerability._

I characterized this as a design limitation that could become an issue in
applications that are written using JWIG, not JWIG itself:

Yet nobody followed up on this to dispute my assessment or agree with it.
What is your opinion?

Also i am pretty sure the above links will stay forever and i don't suppose i
have to explain why.

The CVEs will remain as a record of a report that was heavily disputed;
unlike other vuln DBs, CVE and OSVDB don't just erase records when an
issue is disputed. We want a provable resolution to such disputes, if one
ever arises.

- Steve

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -