Bad FireFox Hole

piratePenguin:

--- Quote from: skyman8081 ---Are you actually implying that the availability of source code makes a piece of software inherently better?
--- End quote ---
I never suggested that.
You should read this tho. The following is stolen from that:

--- Quote from: Bertrand Serlet, senior vice president of software at Apple ---"A lot of security problems derive from the core ... [With open-source code,] thousands of people look at the critical portions of source code and ... check [to make sure that] those portions are right. It's a major advantage to have open-source code."
--- End quote ---

muzzy:
I'd like to mention that the bug I'm touting about was independently found by my friend, who actually tried to do document.write() inside a stylesheet. I didn't just go looking through the bug database, looking for a crash bug. I only found afterwards that the bug had already been known for quite a while.

Also, while this demonstration doesn't show any code execution, HOW CAN YOU KNOW it isn't a remote code execution hole? Every crash bug potentially is, and it takes a while to analyze it to see if it is or isn't. This is damn well a critical hole.

piratePenguin:

--- Quote from: muzzy ---I'd like to mention that the bug I'm touting about was independently found by my friend, who actually tried to do document.write() inside a stylesheet. I didn't just go looking through the bug database, looking for a crash bug. I only found afterwards that the bug had already been known for quite a while.

Also, while this demonstration doesn't show any code execution, HOW CAN YOU KNOW it isn't a remote code execution hole? Every crash bug potentially is, and it takes a while to analyze it to see if it is or isn't. This is damn well a critical hole.
--- End quote ---
I'm sure your friend is very pissed off that (s)he can't do document.write() inside a stylesheet without Firefox crashing. Why would (s)he want to do such a thing (I have no idea about this XML/etc. stuff)?

Calum:
that's hardly the point though, is it? perhaps the aim of somebody who did such a thing is to crash firefox? in which case, it needs fixed.

piratePenguin:

--- Quote from: Calum ---that's hardly the point though, is it? perhaps the aim of somebody who did such a thing is to crash firefox? in which case, it needs fixed.
--- End quote ---
If it happened to every second webpage, yes, it would be fixed in no time at all. But very, very few people are gonna be crashed because, obviously, it seems that document.write(), or whatever, inside stylesheets, isn't incredibly popular.

Yea, I agree that it should be fixed, but it shouldn't be a huge priority. And it's not gonna make anyone switch from Firefox back to IE, I would hope.
