When does a "bug" become a "security issue"?
This recently reported "security issue" in FireFox:
http://www.mozilla.org/security/shell.html
http://bugzilla.mozilla.org/show_bug.cgi?id=250180
and http://www.mccanless.us/mozilla/mozilla_bugs.htm
seems to do nothing more than open up a "Windows Explorer" window at the specified folder location (or in the case of the last example they say it can crash the system, but this didn't happen on my version of FireFox, which was supposedly an affected version).
Can somebody please explain to me how this can possibly be interpreted as anything more than a simple bug in the case that it crashes the system, because I have failed to think of any possible ways that a malicious user could gain anything by putting a link to shell:windows on their homepage.
At first I thought his example of putting a document in an IFrame on the page would allow the site to use JavaScript to read the contents of that document, but on my system (FireFox 0.9) that page actually causes an instance of IE6 to open with the specified page. So obviously that isn't possible.
So please tell me why this is classified/reported as a security issue when it is simply a bug?
Chris
Saturday, July 10, 2004
Here's a simple test:
1) Are people going to ignore it because they're too lazy to download the patch?
2) Can it make it onto the nightly news?
3) Will it start a flame war on JOS or Slashduh?
If you can answer 'yes' to those questions, you've got a security issue, and not a bug.
Cap'n Kirk
Sunday, July 11, 2004
It's a security issue when it compromises your security.
This issue can allow a server to run arbitrary code on your machine.
Ori Berger
Sunday, July 11, 2004
If it can open IE that is a security issue :)
Stephen Jones
Sunday, July 11, 2004
Yes, once something manages to open an IE window, considering how troublesome IE is, it is now a security issue.
KC
Sunday, July 11, 2004