Re: Where is the notificiation about IE zero day vulnerablity?
From: Imhotep (imhotep_at_nospam.com)
Date: 11/28/05
- Next message: Imhotep: "Re: Where is the notificiation about IE zero day vulnerablity?"
- Previous message: Imhotep: "Re: Where is the notificiation about IE zero day vulnerablity?"
- In reply to: Shenan Stanley: "Re: Where is the notificiation about IE zero day vulnerablity?"
- Next in thread: karl levinson, mvp: "Re: Where is the notificiation about IE zero day vulnerablity?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Nov 2005 00:38:51 -0500
Shenan Stanley wrote:
> Imhotep wrote
>> Maybe maybe not. Maybe all you can do with the javascript hole is
>> DOS the other browsers (basically causing Firfox to crash but,
>> not allow remote access)...
>
> Karl Levinson, mvp wrote:
>> "All you can do?" So you're rating this as a low severity
>> vulnerability? But you attack Microsoft for supposedly doing the
>> same?
>
> Imhotep wrote:
>> http://xforce.iss.net/xforce/xfdb/20783
>>
>> From that page
>> "It is reported that this vulnerability could be exploited to cause
>> a denial of service on Firefox and Opera Web browsers, but remote
>> code execution is not possible."
>>
>> I certainly could take my web browser crashing over a remote code
>> execution from a web site...but that is just me; call me crazy.
>
> That I can agree with.
>
> Crash or possible infiltration?
>
> Not even a fair choice - I can handle the crashing longer than I can
> handle
> someone executing code on my PC that does something horrible. Plus - if
> it crashes, you repeat and it does it again - going to that page is a
> no-go from that point on and that site will get reported in whatever way I
> can report it to whom-ever I can report it.
>
Exactly...even home users will just avoid the site saying "This site causes
my browser to blow up" not realizing what is really trying to happen. In
either case they are safer...
Imhotep
- Next message: Imhotep: "Re: Where is the notificiation about IE zero day vulnerablity?"
- Previous message: Imhotep: "Re: Where is the notificiation about IE zero day vulnerablity?"
- In reply to: Shenan Stanley: "Re: Where is the notificiation about IE zero day vulnerablity?"
- Next in thread: karl levinson, mvp: "Re: Where is the notificiation about IE zero day vulnerablity?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
