> This is an out of bounds memory read that crashes the browser. It
> is a major exaggeration to call this a vulnerability, especially
> considering this is a beta browser. Not that others haven't already
> said it, but people never seem to learn that a browser crash is a
> stability issue, not a security issue.

This is a healthy discussion. This topic leads to a very good question: when do we call a bug a vulnerability, and when does an issue really turn out to be a security issue?

When we have a memory index out-of-bounds error, or when we have OS-level code with an out-of-bounds memory error, or when we reference an index value that doesn't exist, or in many other cases, we do refer to it as a vulnerability. So, in such cases where simple bugs and vulnerabilities overlap, is it not good to call it a vulnerability and correct it rather than downgrading it from what it should be?

I am not saying anything pertaining to this situation or redb0ne's email. It is a really good topic to discuss. As redb0ne has mentioned, we always have 2 subsets: common bugs that are not security related, and something that is a security issue. The overlap between these two would be bugs that lead to vulnerabilities.

Let me know if I am missing something or if you guys know of some materials where I can learn about such missing gaps. My sincere apologies if this email sounded stupid.

Shyaam

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
