Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP

From: Sebastian Gottschalk <seppi@xxxxxxxxx>
Date: Mon, 14 Aug 2006 10:59:41 +0200

Joseph Ashwood wrote:

So to review the updates in the last month (since Microsoft
releases monthly this is a reasonable timeframe) there has been 1
update to IE (MS06-042), one update to OE (MS06-043), both
released last Tuesday.

And there're still 60+ vulnerabilities left open. Your point being?

My point being that you still have failed to name a single one.

No. You only asked for vulnerabilities in OE, and I also referred to
triggering MSIE vulnerabilities as well. And of those, I can name you a
lot. And I also named some non-inherited OE flaws as well.

You claimed that you knew several flaws, yet you have failed to name
even one.

Actually it's quite funny that you're not able to use Google, search on
Securityfocus or at other common places, which easily turns out some.
Shouldn't be to hard for so many existing.

But just for convience: <DT><H1 STYLE=width:1px><LI></H1> - a nifty
little memory corruption vulnerability which allows remote code execution.

I decided to save you a bit of trouble, I actually checked CVE for
you, there are 2 known vulnerabilities listed for OE in 2006, 2 more
in 2005, 4 in 2004, 2 in 2003.

CVE isn't the entire truth.

Just again: Due to inherit of all IE flaws, it's currently at 60+.

Thunderbird is very different story, there have been 53 listed
vulnerabilities in 2006.

Yeah. Potential information disclosure when JavaScript is enabled (which
it isn't by default) is way more critical than remote code execution.

That leaves the primary reason that OE is
exploied more often than Thunderbird being simply a numbers game.

Just like Apache vs. IIS?
.

References:
- Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP
  - From: Joseph Ashwood

Prev by Date: Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP
Next by Date: Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP
Previous by thread: Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP
Next by thread: Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP
Index(es):
- Date
- Thread

Relevant Pages

Re: M$ attack on Common Sense
... are flaws in the OS itself that enable the virus to work. ... doesn't have flaws and vulnerabilities. ... It's certainly NOT advocacy for Linux IMO..... ... if it's unfair to lump all open source software together for ...
(comp.os.linux.misc)
Re: M$ attack on Common Sense
... are flaws in the OS itself that enable the virus to work. ... doesn't have flaws and vulnerabilities. ... It's certainly NOT advocacy for Linux IMO..... ... if it's unfair to lump all open source software together for ...
(alt.computer.security)
Re: M$ attack on Common Sense
... are flaws in the OS itself that enable the virus to work. ... doesn't have flaws and vulnerabilities. ... It's certainly NOT advocacy for Linux IMO..... ... if it's unfair to lump all open source software together for ...
(comp.os.ms-windows.nt.admin.security)
Re: M$ attack on Common Sense
... Windows vulnerabilities get more press because more people ... They're reporting attacks on servers at e-business sites. ... The report about e-business servers running Linux being attacked would ... it is) have flaws and vulnerabilities that allow viruses and malware to ...
(comp.os.linux.misc)
Re: M$ attack on Common Sense
... Windows vulnerabilities get more press because more people ... They're reporting attacks on servers at e-business sites. ... The report about e-business servers running Linux being attacked would ... it is) have flaws and vulnerabilities that allow viruses and malware to ...
(alt.computer.security)