RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-14 Thread Larry Seltzer
There was some confusion as to whether this bug (https://bugzilla.mozilla.org/show_bug.cgi?id=307259 in bugzilla) was similar or identical to https://bugzilla.mozilla.org/show_bug.cgi?id=267669. David Baron of Mozilla is saying (I think - see https://bugzilla.mozilla.org/show_bug.cgi?id=267669#c39)

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-13 Thread Daniel Veditz
Aviv Raff wrote: > my mozilla bugs are wide open in bugzilla. > afaik her m4j3sty mitchell's bounties does not require silence. I guess you need to read the bug-bounty guidelines again: http://www.mozilla.org/security/bug-bounty.html "...be sure to check the box near the bottom of the entry

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Ill will
(the most common examples of MS who^H^H^H zealots are: 1. "MS is giving me money, so billg is good") must be Paul's grey hat continues to get whiter by the day , i thought it was just because his mom never taught him not to bleach dark clothes. -illwill

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Aviv Raff
> my mozilla bugs are wide open in bugzilla. > afaik her m4j3sty mitchell's bounties does not require silence. Sorry, but security issues involved in the bug-bounty program are not publicly available until the patch is released. And even then the Mozilla team sometimes waits a few more weeks (e.g. http:

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Georgi Guninski
On Sun, Sep 11, 2005 at 02:13:42PM -0700, Aviv Raff wrote: > ...snip... > users, and not for the 500$ (for each not publicly disclosed vulnerability) > from the Mozilla foundation. my mozilla bugs are wide open in bugzilla. afaik her m4j3sty mitchell's bounties does not require silence. this is

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Aviv Raff
Yeah right.. and you decide to publicly disclose IE vulnerabilities before they get patched, but not FireFox vulnerabilities for the good health of FF users, and not for the 500$ (for each not publicly disclosed vulnerability) from the Mozilla foundation. http://www.mozilla.org/press/mozilla-2

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Steve Friedl
On Sun, Sep 11, 2005 at 11:08:32PM +0300, Georgi Guninski wrote: > the most common examples of MS who^H^H^H zealots are: > 1. "MS is giving me money, so billg is good" > 2. "i can't do anything except winblows, so i have winblows dependency. > no MS, no money, no love" ... and then there are t

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Georgi Guninski
On Sun, Sep 11, 2005 at 02:52:05AM -0400, Paul wrote: > snip just being hypocritical, something that I have found to be quite > common among anti-MS zealots. speaking of MS zealots, i am doing clinical research (sponsored by a TWO letter agency) on the psychology of MS zealots. so the cl

RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-11 Thread Peter Kruse
Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit (Just a little heads up, no details or PoC attached) The security vulnerability in Mozilla FireFox reported by Tom Ferris is exploitable on Windows. I de

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-10 Thread Paul
- Original Message - From: Berend-Jan Wever To: full-disclosure@lists.grok.org.uk ; bugtraq@securityfocus.com ; [EMAIL PROTECTED] Sent: Saturday, September 10, 2005 6:52 AM Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit (Just a

Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-10 Thread Przemyslaw Frasunek
Berend-Jan Wever wrote: > The security vulnerability in Mozilla FireFox reported by Tom Ferris is > exploitable on Windows. It's also easily exploitable on Linux -- no problems with jumping to arbitrary address: (gdb) x/i $eip 0x867926c <_ZN16nsTypedSelection5ClearEP14nsIPresContext+2236>:

[Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-10 Thread Berend-Jan Wever
(Just a little heads up, no details or PoC attached) The security vulnerability in Mozilla FireFox reported by Tom Ferris is exploitable on Windows. I developed a working exploit that seems to be 100% stable, though I've only tested it on one system. The exploit will not be released publicly unti