Re: Where is the notificiation about IE zero day vulnerablity?

From: Shenan Stanley (newshelper_at_gmail.com)
Date: 11/28/05 

Date: Sun, 27 Nov 2005 23:27:27 -0600

Imhotep wrote
> Maybe maybe not. Maybe all you can do with the javascript hole is
> DOS the other browsers (basically causing Firfox to crash but,
> not allow remote access)...

Karl Levinson, mvp wrote:
> "All you can do?" So you're rating this as a low severity
> vulnerability? But you attack Microsoft for supposedly doing the
> same?

Imhotep wrote:
> http://xforce.iss.net/xforce/xfdb/20783
>
> From that page
> "It is reported that this vulnerability could be exploited to cause
> a denial of service on Firefox and Opera Web browsers, but remote
> code execution is not possible."
>
> I certainly could take my web browser crashing over a remote code
> execution from a web site...but that is just me; call me crazy.

That I can agree with.

Crash or possible infiltration?

Not even a fair choice - I can handle the crashing longer than I can handle
someone executing code on my PC that does something horrible. Plus - if it
crashes, you repeat and it does it again - going to that page is a no-go
from that point on and that site will get reported in whatever way I can
report it to whom-ever I can report it. 

-- 
Shenan Stanley
     MS-MVP
-- 
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Relevant Pages

  • Re: Where is the notificiation about IE zero day vulnerablity?
    ... >> DOS the other browsers (basically causing Firfox to crash but, ... >> not allow remote access)... ... >> a denial of service on Firefox and Opera Web browsers, ... > can report it to whom-ever I can report it. ...
    (microsoft.public.security)
  • Re: Crashing IE 6
    ... write a jQuery plugin to crash IE 6. ... That's about as useful as any other line of jQuery code. ... Don't crash their browsers! ... It seems to me that this should be a well known bug, ...
    (comp.lang.javascript)
  • Re: FEMA aid site is Windows-only
    ... In article, jimhill@xxxxxxxx (Jim Hill) ... >>Some people have reported success in using other browsers set to report ... Do you really think those Government IT persons, GS-9, and 11 ...
    (comp.sys.mac.apps)
  • Re: [Full-Disclosure] Web browsers - a mini-farce
    ... report it to them and to FD or other lists. ... Microsoft did something others couldn't be bothered to. ... I specifically stated that this does *NOT* prove that MSIE is safer to ... browsers, suggesting that much of it may turn to be just a result of the ...
    (Full-Disclosure)
  • Re: FEMA aid site is Windows-only
    ... >>Some people have reported success in using other browsers set to report ... > asscheek in charge of the website is permitting or rejecting browsers ... > broken behavior of that particular browser. ...
    (comp.sys.mac.apps)