Re: Where is the IE zero day exploit in the news...
From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 11/28/05
- Next message: Shenan Stanley: "Re: Got hacked... need legal advise on action that I may take"
- Previous message: Marcy: "Re: need safe stats counter"
- In reply to: Karl Levinson, mvp: "Re: Where is the IE zero day exploit in the news..."
- Next in thread: karl levinson, mvp: "Re: Where is the IE zero day exploit in the news..."
- Reply: karl levinson, mvp: "Re: Where is the IE zero day exploit in the news..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Nov 2005 19:21:12 GMT
"Karl Levinson, mvp" <levinson_k@despammed.com> writes:
>"Imhotep" <imhotep@nospam.com> wrote in message
>news:l4SdndJ7tuWc0hfenZ2dnUVZ_tidnZ2d@adelphia.com...
>> >>This vulnerability affects Firefox as well. So it's not really an "IE
>> >>vuln."
>> >
>> >>http://xforce.iss.net/xforce/xfdb/20783
>> >
>> > From that page
>> > "It is reported that this vulnerability could be exploited to cause a
>> > denial of service on Firefox and Opera Web browsers, but remote code
>> > execution is not possible."
>> >
>> > I would say that remote code execution is far worse than crashing the
>> > browser.
>>
>> ...thanks. That is exactly what I have been trying to say...
>No, what you've been trying to say is that Microsoft was severely in error
>and should not have rated this as "low" when it was "only a denial of
>service." But that's the opposite of what the two of you are saying now
>when considering the exact same vulnerability affecting Firefox, that it's
>OK to minimize the Firefox vuln as being "just a denial of service." There
I never said anything like that. I said that remote code execution is much
worse than denial of service and I still stand by that.
>are two different viewpoints being expressed here that are inconsistent with
>each other. If the Firefox vuln is "only a denial of service," then the IE
>vuln has only been a known remote code execution vuln for a week or so, not
>six months.
And I said "only denial of service" where?
>Microsoft is being faulted here for not notifying customers [although it
>has]. I couldn't find anything on the Firefox web site about this. Not
>only haven't they patched this, they haven't notified customers like
>Microsoft has. Presumably they're still testing and reproducing the
>vulnerability. Which goes back to what I was saying about not assuming that
>Microsoft can necessarily always repro a vuln overnight when a finder
>refuses to give them all the details.
6 months sounds a bit extreme however. You must live at the north pole or
south pole, for that to be overnight.
- Next message: Shenan Stanley: "Re: Got hacked... need legal advise on action that I may take"
- Previous message: Marcy: "Re: need safe stats counter"
- In reply to: Karl Levinson, mvp: "Re: Where is the IE zero day exploit in the news..."
- Next in thread: karl levinson, mvp: "Re: Where is the IE zero day exploit in the news..."
- Reply: karl levinson, mvp: "Re: Where is the IE zero day exploit in the news..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
