Full Disclosure mailing list archives

Re: Two MSIE 6.0/7.0 NULL pointer crashes


From: Yigit Turgut <y.turgut () gmail com>
Date: Thu, 21 Jan 2010 01:46:09 +0200

Date: Wed, 20 Jan 2010 19:25:11 +0100
From: Dan Kaminsky <dan () doxpara com>
Subject: Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes
To: Valdis.Kletnieks () vt edu
Cc: Full-disclosure <full-disclosure () lists grok org uk>
Message-ID:
       <f26cd0911001201025g7085cfe0t7b3fa4cb055ec475 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

On Wed, Jan 20, 2010 at 7:00 PM,  <Valdis.Kletnieks () vt edu> wrote:
On Wed, 20 Jan 2010 10:38:34 EST, James Matthews said:

Why doesn't Microsoft throw some of its weight behind Mozilla and ditch
IE forever. It doesn't suit their image.

Unfortunately, the PR doesn't work that way. Do you really want to be
buying an entire operating system from somebody who just admitted they
can't even produce a workable browser with all their resources?

(Note this works differently in the Linux world, where the kernel crew
doesn't even pretend to write browsers, and the Firefox crew *just* does
browsers, and somebody else *just* does OpenOffice, and distros (for the
most part) just worry about integration issues, and everybody only
claims to do their little part well)

Seriously.  I mean, just look at Linux, Firefox, and OpenOffice.
Pristine code, not a single security vulnerability between them :)



Well, there are vulnerabilities in Linux, FF and OpenOffice but these are
not much covered in media compared to MS products.
One main reason for this is that unless it is in kernel or a default suid
application etc. - even though it is open source - it will require significant
amount of skills (more than you need on win) to exploit these vulns for
beneficial purposes due to solid architecture of unix and variants. I am not
saying open-source folks are doing a bad job (actually I believe they rock)
but your comment leaves an impression like they have flawless quality of
code and this is the only reason there are fewer vulnerabilities in these
platforms.

There are undisclosed vulnerabilities in the latest kernel and also in
Firefox but they are *most likely* not used in criminal activities and etc -
which is keeping them low/medium profile (even if they go public,
statistical data)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
