Marc Haber <[EMAIL PROTECTED]> writes:
> On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote:
>> Florian Weimer <[EMAIL PROTECTED]> writes:
>> > Suppose that the web browser always crashes when confronted with
>> > certain input, losing all of its state. With tabbed browsing,
>> >
On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote:
> Florian Weimer <[EMAIL PROTECTED]> writes:
> > Suppose that the web browser always crashes when confronted with
> > certain input, losing all of its state. With tabbed browsing,
> > multiple browser opened by the same process e
Florian Weimer <[EMAIL PROTECTED]> writes:
> Suppose that the web browser always crashes when confronted with
> certain input, losing all of its state. With tabbed browsing,
> multiple browser opened by the same process etc., this means that
> potentially important work is lost.
In the case of g
Bonjour ,
Je m'appelle charline Mahy et je cherche a joindre monsieur Peter Cordes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Florian Weimer <[EMAIL PROTECTED]> wrote:
> It seems that I have difficulty understanding what constitutes a
> security bug in a web browser.
>
> Suppose that the web browser always crashes when confronted with
> certain input, losing all of its state. With tabbed browsing,
> multiple browser op
In article <[EMAIL PROTECTED]> you wrote:
> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security.
...
> well, that's obviously for me, but maybe someone else has a different
> opion about this issue?
Your definition and mine of security are not compatible :)
(av
I realy need to kno How to chang my password for my
yahoo messenger it is very important .
On Wed, Nov 23, 2005 at 12:59:02PM +0100, Florian Weimer wrote:
> Availability is typically considered one aspect of security (and
> arguably the hardest one to get right in networked applications).
I tend to consider it the other way around. Security is a subset of
availability. Availability mu
On Wed, Nov 23, 2005 at 12:15:35PM +0100, Jasper Filon wrote:
> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security. However, it is a bug, maybe even a critical one.
I filed a couple of bugs on Mozilla relating to DOS attacks,
crashing the browser on some bad
Jasper,
It's pretty much open for debate.
The subtlety lies in the "certain input" mentioned by Florian. For the
sake of argument, imagine you can create a webpage which when rendered
will make the browser crash.
You could trick users into surfing to your page, by e.g. spam mailing your
URL arou
* Jasper Filon:
> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security.
Availability is typically considered one aspect of security (and
arguably the hardest one to get right in networked applications).
For example, here's a quote from FIPS 199:
| Security Obje
* Quoting Jasper Filon ([EMAIL PROTECTED]):
> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security. However, it is a bug, maybe even a critical one.
> As long as the bug does not compromise the security of the system
> (enables unauthorised execution of code, acc
Well, obviously it is not a _security_ bug, since it has nothing to do
with security. However, it is a bug, maybe even a critical one.
As long as the bug does not compromise the security of the system
(enables unauthorised execution of code, access to memory of other
process of manipulating the co
It seems that I have difficulty understanding what constitutes a
security bug in a web browser.
Suppose that the web browser always crashes when confronted with
certain input, losing all of its state. With tabbed browsing,
multiple browser opened by the same process etc., this means that
potentia
14 matches
Mail list logo