On Mon, 6 Dec 2004, Heikki Toivonen wrote:

> This crash was fixed today.

Great.

> This does not mean crashes will be ignored and will go unfixed. It just
> means that they do not receive the urgency that exploitable crashes and
> other vulnerabilities receive.

But this means somebody (from mozilla) checked the urgency and decided that it can wait. It would have been nice and a minimal effort to inform the initial reporter about that.

> As a security researcher, I would think it would be your responsibility
> to determine the seriousness of an issue. Just saying an app crashes
> does not make a security researcher IMO. Even my mom would be able to
> report a simple crash.

I do not see Niek claiming to be a security researcher. He stumbled into something that might be a security problem and wanted to make sure it is treated the right way. He first reported it to bugzilla and, after not getting a response, published the information he gathered.

What should he (or your mother) do if mozilla is crashing on a particular web site? Shut up? Learn how to write a buffer overflow exploit before reporting it?

bye, ju

-- 
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail [EMAIL PROTECTED]
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
