Coffeehouse Thread

28 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Firefox vunerability "impossible to patch"

Back to Forum: Coffeehouse
  • User profile image
    Oberon

    petknep_home wrote:
    
    The problem with your response that $15,000 for 30 exploits is basically nothing between two people. A given browser exploit for IE supposedly has a street value of $10,000. Assuming FireFox exploits are about the same in price, they make 20x by holding them back from MoFo.

    Not to mention that they have jobs. Well at least Mischa Spiegelmock does. Maybe he will change his mind after Six Apart fires him. I can't imagine any business trusting a company that knowingly employs  blackhat hackers.

  • User profile image
    Rossj

    Apparently this is a hoax. I hate to think how much dev time this might have wasted, and can imagine how upset a corporate might be if someone pulled this one and they wasted hours or days looking for a bug that was already known about.

  • User profile image
    Rotem Kirshenbaum

    Rossj wrote:
    Apparently this is a hoax. I hate to think how much dev time this might have wasted, and can imagine how upset a corporate might be if someone pulled this one and they wasted hours or days looking for a bug that was already known about.


    Hoax or not, it doesn't mean that the implementation of JavaScript in FF is not almost impossible to patch.

    Rotem

  • User profile image
    Rossj

    Rotem Kirshenbaum wrote:
    
    Rossj wrote:Apparently this is a hoax. I hate to think how much dev time this might have wasted, and can imagine how upset a corporate might be if someone pulled this one and they wasted hours or days looking for a bug that was already known about.


    Hoax or not, it doesn't mean that the implementation of JavaScript in FF is not almost impossible to patch.

    Rotem


    I think the fact that the FF devs have already 'patched' the problem proves otherwise Wink

  • User profile image
    Another_​Darren

    Rotem Kirshenbaum wrote:
    
    Rossj wrote:Apparently this is a hoax. I hate to think how much dev time this might have wasted, and can imagine how upset a corporate might be if someone pulled this one and they wasted hours or days looking for a bug that was already known about.


    Hoax or not, it doesn't mean that the implementation of JavaScript in FF is not almost impossible to patch.

    Rotem


    Wow, you laid it out with all the facts...  "doesn't mean", "not almost"

  • User profile image
    Rotem Kirshenbaum

    Another_Darren wrote:
    
    Rotem Kirshenbaum wrote: 
    Rossj wrote: Apparently this is a hoax. I hate to think how much dev time this might have wasted, and can imagine how upset a corporate might be if someone pulled this one and they wasted hours or days looking for a bug that was already known about.


    Hoax or not, it doesn't mean that the implementation of JavaScript in FF is not almost impossible to patch.

    Rotem


    Wow, you laid it out with all the facts...  "doesn't mean", "not almost"


    I'm not saying that it's a fact.
    Let me explain: "A is true and B is true". Just because A isn't true doesn't mean the B is false also Smiley

    Heck, I don't know if the JS implementation in Mozilla is a mess or not. If t's really a 10-year old code, than it probably is. Or maybe it's not (tautology rocks ! Tongue Out ).

    Rotem

  • User profile image
    Rossj

    Here we go.

    Alleged hacker wrote:

    The main purpose of our talk was to be humorous.
    ...
    I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.

  • User profile image
    Oberon

    Rossj wrote:
    Here we go.

    Alleged hacker wrote:
    The main purpose of our talk was to be humorous.
    ...
    I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.


    What's everybody upset about? It was all a joke. <insert eye rolling icon here>

  • User profile image
    MB

    Ya, I am being larfing so much I am being making wetting of the pants.

  • User profile image
    Cannot​Resolve​Symbol

    MB wrote:
    Ya, I am being larfing so much I am being making wetting of the pants.


    ?

    Larfing?

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.