[Secure-testing-commits] r14136 - in data: . CVE
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Feb 23 21:50:15 UTC 2010
On Tue, 23 Feb 2010 22:26:28 +0100, Moritz Muehlenhoff wrote:
> On Mon, Feb 22, 2010 at 07:42:01PM -0500, Michael Gilbert wrote:
> > On 2/22/10, Moritz Muehlenhoff wrote:
> > > - webworker issues affects Firefox 3.0 according to Mozilla
> >
> > i'm afraid that mozilla doesn't know their own code very well. web
> > workers are part of html 5 and introduced in gecko 1.9.1 [0].
>
> Oh, well...
>
> Please send a mail to security at mozilla.org so that they fix their
> advisory.
>
> > > - don't treat pidgin as unimportant
> >
> > for the betterment of my own understanding, and so i can do a better
> > job in the future, why are remote denial-of-services relevant for
> > messaging clients like pidgin but not browsers like xulrunner? it
> > seems to me like they are in a similar class.
>
> Navigating a web browser is much more user driven. If a web site
> continues to crash you'll simply ignore it. For an IM client we're
> treating it as DoS if the client can be crashed through a malformed
> chat message/invite/etc. Does that clear things up?
yes.
mike
More information about the Secure-testing-commits
mailing list