Florian Weimer wrote:
> Are browser bugs which can result in arbitrary code execution after
> visting a web page still "medium", or should we assign "high" to them?
>
> My hunch is that the free lunch is over as far as Mozilla's code base
> is concerned, and that these bugs begin to pose real risks (soon
> comparable to those PHP application bugs).
We should use "high", although we still have the benefit, that nowadays
the Windows Firefoxen exceed the installed base on GNU/Linux, so attacks
are still more likely to be slainted at Windows.
Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
