Re: Where is the notificiation about IE zero day vulnerablity?

From: Imhotep (imhotep_at_nospam.com)
Date: 11/28/05 

Date: Sun, 27 Nov 2005 18:46:41 -0500

karl levinson, mvp wrote:

>
> "Imhotep" <imhotep@nospam.com> wrote in message
> news:89CdnWf4lrOYexTeRVn-pw@adelphia.com...
>
>> Add to value here??? Sure it does. Customers could temporally use firefox
>> or
>> opera and surf safe....I think that adds a lot of value here. Again, if
>> news sources carried the article....which is why they probably are not.
>> Again, MS has a lot of advertising dollars to spend somewhere....
>
> Or, they could disable Javascript. Most people won't do any of these.
> But if they want to do so, they've been warned, by MS and others.

Unfortunately, most web sites use javascript. You really can't disable it
like you can with unpopular scripting languages like active-x...
 
> The media has a field day with reporting just about any MS vulnerability.
> There is no shortage of articles on serious MS vulnerabilities. Usually
> the articles pop up by the hundreds after people start becoming infected
> via the vulnerability, which AFAIK is not happening yet with this.

So, you are saying that when people start getting infected with crap, the
articles will start appearing. I see the logic but it still does not
explain why Firefox got all the attention with a IDN vulnerability which
there was not a single attack based on it, which is getting back to my
original question that no one can seem to answer....

> By the way, this vulnerability affects not just IE but Firefox and Opera
> as
> well. At the moment it is only a denial of service on the other two, but
> that's how it started on IE as well. I haven't seen a whole lot of media
> articles on the Firefox vulnerability, or people asking where's the patch,
> but it's probably because of all those Firefox advertising dollars.
>
> http://xforce.iss.net/xforce/xfdb/20783

Maybe maybe not. Maybe all you can do with the javascript hole is DOS the
other browsers (basically causing Firfox to crash but, not allow remote
access)...

Again, I am just looking for my original question to be answered...that is
all...

Imhotep

Relevant Pages

  • Re: Where is the notificiation about IE zero day vulnerablity?
    ... The media has a field day with reporting just about any MS vulnerability. ... There is no shortage of articles on serious MS vulnerabilities. ... this vulnerability affects not just IE but Firefox and Opera as ...
    (microsoft.public.security)
  • Re: Rampage attempt.
    ... I still can't access the follow up pages on the articles. ... I tested this with Firefox versions 1.0.6 and 1.5.0.1. ... Java and Javascript is on. ...
    (rec.gambling.poker)
  • [Full-disclosure] New Vulnerability against Firefox/ Major Extensions
    ... high profile Firefox extensions. ... as this includes the Google Toolbar for Firefox. ... Until the vendors release secure updates to their software, ... The nature of the vulnerability described in this report is technical, ...
    (Full-Disclosure)
  • Re: Jailing Firefox
    ... I was thinking that it might be a good idea to put firefox ... "turn-off" javascript and Java in Firefox? ... textmode browser with no javascript. ... You RAM system shows as a RAM system to the outside world, ...
    (comp.os.linux.misc)
  • Re: [Full-disclosure] New Vulnerability against Firefox/ Major Extensions
    ... I attached Google Toolbar PoC. ... it will work every time you launch Firefox. ... high profile Firefox extensions. ... The nature of the vulnerability described in this report is technical, ...
    (Full-Disclosure)