Full Disclosure mailing list archives

RE: Mozilla Firefox "Host:" Buffer Overflow


From: "Bruce Ediger" <eballen1 () qwest net>
Date: Fri, 9 Sep 2005 15:19:21 -0600 (MDT)

On Fri, 9 Sep 2005, Larry Seltzer wrote:

Well, MSFT is going to issue a critical patch next Tuesday.  Maybe this is a shiny object,
intended to divert some media pressure away from an MSFT design botch.

All right, maybe I haven't listened to enough Air America lately, so help me
out with how this conspiracy works. Are you saying that Tom Ferris is a
Microsoft stooge and the fact that he only announced a critical IE
vulnerability without providing details or a POC, whereas he provided both
for a critical vulnerability in Firefox, was done because Microsoft paid him
to do so? Because that seems to be the essence of what you're implying.

Sure, that's exactly it.  The IE vulnerability without POC doesn't get
any "days of exposure" or whatever it is that MSFT uses to calculate how
bad Mozilla and Firefox are vs IE.  The Firefox details and POC cause
instant exposure, and get much worse bad press.

Look at what else has turned up in the "trade press" lately (within the
last 2 weeks):

ZDNet Australia denigrates Mac security: 
http://zdnet.com.au/news/security/soa/Mac_community_must_wake_up_to_security/0,2000061744,39210762,00.htm
Kaspersky beats the "Linux is next!" drum: http://www.linuxplanet.com/linuxplanet/reports/5997/1/

Shiny objects for the press to fixate on everywhere, I tell you!

If you can get a hold of a copy of the now-defunct "Brill's Content"
magazine for September of 1998, you can read a big exposé of the
way MSFT deals with reporters and trade pressmen.  I doubt that
any money changes hands on these things.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

