[Secure-testing-commits] r14136 - in data: . CVE
Moritz Muehlenhoff
jmm at inutil.org
Tue Feb 23 21:26:28 UTC 2010
On Mon, Feb 22, 2010 at 07:42:01PM -0500, Michael Gilbert wrote:
> On 2/22/10, Moritz Muehlenhoff wrote:
> > - webworker issues affects Firefox 3.0 according to Mozilla
>
> i'm afraid that mozilla doesn't know their own code very well. web
> workers are part of html 5 and introduced in gecko 1.9.1 [0].
Oh, well...
Please send a mail to security at mozilla.org so that they fix their
advisory.
> > - don't treat pidgin as unimportant
>
> for the betterment of my own understanding, and so i can do a better
> job in the future, why are remote denial-of-services relevant for
> messaging clients like pidgin but not browsers like xulrunner? it
> seems to me like they are in a similar class.
Navigating a web browser is much more user driven. If a web site
continues to crash you'll simply ignore it. For an IM client we're
treating it as DoS if the client can be crashed through a malformed
chat message/invite/etc. Does that clear things up?
Cheers,
Moritz
More information about the Secure-testing-commits
mailing list