AND STILL!! - | DSLReports Forums (Page 2)

Author	All Replies
drew Automatic Premium join:2002-07-10 Port Orchard, WA kudos:6 Reviews: ·wavebroadband	reply to Jeremy341 Re: AND STILL!! said by Jeremy341: Most of them aren't, but Mozilla can mark any exploit as confidential, and keep it under wraps. You're mixed up in the head. You can't keep an exploit "confidential." When an exploit becomes an exploit, it is public knowledge. The vulnerability that allowed said exploit probably won't be/isn't common knowledge. -- \|DSLR IRC\|\|hostingking.us\|\|quotes\|
	to forum · permalink · 2004-09-29 00:23:33 ·
Jeremy341 Bye Premium join:2000-01-06 localhost	reply to VirtualLarry said by VirtualLarry: said by Jeremy341: OK, let me rephrase what I said. No exploits have come out for IE6 SP2 since it entered beta. How about this one: »www.securityfocus.com/archive/1/···-09-20/0 First I've heard of that, and for good reason: I just tried it out, and the sample exploit he posted doesn't even work. Even if it does work (which I'm now very skeptical about), it requires the plugin to already be installed on the machine. If you've already got a malicious plugin installed, then you've got other problems. -- I do not trust Firefox. Spread anything besides that horrid piece of crap.
	to forum · permalink · 2004-09-29 00:24:54 ·
Jeremy341 Bye Premium join:2000-01-06 localhost	reply to drew said by drew: You're mixed up in the head. You can't keep an exploit "confidential." When an exploit becomes an exploit, it is public knowledge. I was using the same terminology as the poster I was responding to. Talk about picking nits, damn. -- I do not trust Firefox. Spread anything besides that horrid piece of crap.
	to forum · permalink · 2004-09-29 00:26:15 ·
drew Automatic Premium join:2002-07-10 Port Orchard, WA kudos:6	reply to Jeremy341 I believe the vulnerability shown is more of an example of the general issue, while the exploit is a means to show that vulnerability in action.
	to forum · permalink · 2004-09-29 00:27:15 ·

Jeremy341 Bye Premium join:2000-01-06 localhost	said by drew: I believe the vulnerability shown is more of an example of the general issue, while the exploit is a means to show that vulnerability in action. Yes, the supposed "general issue" is that IE doesn't block the plugin from running if some special HTML codes are in the document. In order for IE to stop something from running, it must already be installed. This vulnerability does not allow a plugin to be installed without user intervention, therefore it is pretty harmless. -- I do not trust Firefox. Spread anything besides that horrid piece of crap.
	to forum · permalink · 2004-09-29 00:30:21 ·
drew Automatic Premium join:2002-07-10 Port Orchard, WA kudos:6	whether you consider it harmless or not, it still exists(ed) (stuff doesn't make it to the tracker without being generally repoducable).
	to forum · permalink · 2004-09-29 00:33:26 ·
Jeremy341 Bye Premium join:2000-01-06 localhost 1 edit	It's a small problem in a new feature of the browser, nothing more. It is completely harmless, just like all of the other stupid "vulnerabilities" that have been found in SP2. A lot of them boil down to something that you already allowed onto your system being able to run without a warning message. WHO CARES? Edit: yes, I know, you probably care. It's a rhetorical question, don't respond.
	to forum · permalink · 2004-09-29 00:39:38 ·
drew Automatic Premium join:2002-07-10 Port Orchard, WA kudos:6 Reviews: ·wavebroadband	said by Jeremy341: It's a small problem in a new feature of the browser, nothing more. It is completely harmless, just like all of the other stupid "vulnerabilities" that have been found in SP2. A lot of them boil down to something that you already allowed onto your system being able to run without a warning message. WHO CARES? to that, I say this: said by Jeremy341: OK, let me rephrase what I said. No exploits have come out for IE6 SP2 since it entered beta. Any vulnerability, no matter how bad, is meaningless until an exploit exists. I'm not saying vulnerabilities shouldn't be patched until an exploit exists, but as long as they get patched before one exists, it doesn't really matter. -- \|DSLR IRC\|\|hostingking.us\|\|quotes\|
	to forum · permalink · 2004-09-29 00:44:20 ·
Jeremy341 Bye Premium join:2000-01-06 localhost	Little things like this that can't do any harm don't count, sorry. Show me a vulnerability with some potential, not just these worthless duds. I don't even consider them to be vulnerabilities. -- I do not trust Firefox. Spread anything besides that horrid piece of crap.
	to forum · permalink · 2004-09-29 00:48:06 ·
SRFireside join:2001-01-19 Houston, TX	reply to Jeremy341 said by Jeremy341: Well, I'll just say that since I began using this version of IE almost a year ago, there have been no vulnerabilities discovered in it. Didn't service pack 2 just come out? How can we be talking about a version of IE6 that's been around for almost a year?
	to forum · permalink · 2004-09-29 10:54:57 ·
Jeremy341 Bye Premium join:2000-01-06 localhost	said by SRFireside: Didn't service pack 2 just come out? How can we be talking about a version of IE6 that's been around for almost a year? SP2 just came out of beta testing. I was a beta tester, and I was using it since it first entered beta in December of 2003. -- I do not trust Firefox. Spread anything besides that horrid piece of crap.
	to forum · permalink · 2004-09-29 13:38:33 ·

Browser Breakdown > AND STILL!!

Re: AND STILL!!