Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack over

from [Heikki Toivonen] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
Date: Sat, 27 Nov 2004 11:07:40 -0800
Jose Nazario wrote:
On Thu, 25 Nov 2004, Heikki Toivonen wrote: 
3. Either login if you already have an account, or click "create new
account". Let's assume we need to create a new account...


requiring someone to register to post a bug is harmful in the sense that
you wind up turning off peopl ewho simply can't be bothered to fill out
that info or wish to remain anonymous. while i definitely see the benefit
of forcing registration or even wanting it, i bet you'e losing more bug
reports than you care to imagine this way.

You won't be losing anonymity - just create a Bugzilla account on Yahoo! or some other free email service and use that for Bugzilla mail.

Your post also pointed out the benefits of requiring registration, and I think they far outweigh the possibility of some bug going unnoticed since it was not reported. If you receive a bug report but can't reproduce it, and you can't communicate with the reporter, you can't do anything but ignore that report.

And if it was not important enough for anyone to register and file the bug, then maybe it wasn't important enough to fix.

But still, having said all this, the Mozilla Foundation is working on finding alternative ways for people to file bug reports, and make it easier.

--
  Heikki Toivonen

Attachment: signature.asc
Description: OpenPGP digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, ph0enix
Next by Date:  Re: [Full-Disclosure] MS Windows Screensaver Privilege Escalation, Pavel Kankovsky
Previous by Thread:  Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Jose Nazario
Next by Thread:  Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, exon
Indexes:  [Date] [Thread] [Top] [All Lists]