
List:       full-disclosure
Subject:    Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious
From:       "James Matthews" <nytrokiss () gmail ! com>
Date:       2007-09-30 6:58:29
Message-ID: 8a6b8e350709292358y31ff426co2be001b33796330d () mail ! gmail ! com

Correct! The line is always "there is no patch for human stupidity"

On 9/29/07, Jimby Sharp <jimbysharp@gmail.com> wrote:
>
> Exactly! And the so-called security experts who are giving long
> lectures in the list about how any bug can result in a potential
> security flaw, they are forgetting that if a security flaw arises it
> arises because of the programmer and not Firefox.
>
> If I use strcpy() to read user input into a buffer, I am at fault and
> not the C compiler.
>
> On 9/30/07, Andrew Farmer <andfarm@gmail.com> wrote:
> > On 28 Sep 07, at 19:25, wac wrote:
> > > On 9/28/07, Jimby Sharp <jimbysharp@gmail.com> wrote:
> > >> How is this serious and is it related to security in any manner? If
> > >> not, please do not spam. :-(
> > >
> > > Many bugs are security related (I would say all). How is it security
> > > related? Think. What happens if your bank calculates something
> > > wrong and puts the lower in your account and the higher in another
> > > account? Yes, it might be little, but what about a little many
> > > times? That could be done with JavaScript too. Then... you are not
> > > safe anymore.
> >
> > If your bank is doing financial calculations using Javascript in a
> > standard web browser, you have bigger things to worry about than
> > roundoff errors.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>



-- 
http://www.goldwatches.com/mens/cufflinks.html
http://www.jewelerslounge.com
