Re: Where is the notificiation about IE zero day vulnerablity?

From: Shenan Stanley (newshelper_at_gmail.com)
Date: 11/28/05


Date: Sun, 27 Nov 2005 23:27:27 -0600

Imhotep wrote
> Maybe maybe not. Maybe all you can do with the javascript hole is
> DOS the other browsers (basically causing Firfox to crash but,
> not allow remote access)...

Karl Levinson, mvp wrote:
> "All you can do?" So you're rating this as a low severity
> vulnerability? But you attack Microsoft for supposedly doing the
> same?

Imhotep wrote:
> http://xforce.iss.net/xforce/xfdb/20783
>
> From that page
> "It is reported that this vulnerability could be exploited to cause
> a denial of service on Firefox and Opera Web browsers, but remote
> code execution is not possible."
>
> I certainly could take my web browser crashing over a remote code
> execution from a web site...but that is just me; call me crazy.

That I can agree with.

Crash or possible infiltration?

Not even a fair choice - I can handle the crashing longer than I can handle
someone executing code on my PC that does something horrible. Plus - if it
crashes, you repeat and it does it again - going to that page is a no-go
from that point on and that site will get reported in whatever way I can
report it to whom-ever I can report it.

-- 
Shenan Stanley
     MS-MVP
-- 
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html