[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] OT: Firefox question / poll

To: Charles Morris <cmorris@xxxxxxxxxx>
Subject: Re: [Full-disclosure] OT: Firefox question / poll
From: coderman <coderman@xxxxxxxxx>
Date: Tue, 20 Dec 2011 16:00:06 -0800

On Tue, Dec 20, 2011 at 9:40 AM, Charles Morris <cmorris@xxxxxxxxxx> wrote:
> I'm curious what everyone's opinion is on the following question...
> esp. to any FF dev people on list:
>
> Do you think that the Firefox "warning: unresponsive script" is meant
> as a security feature or a usability feature?

anyone who said "security feature" is an idiot and/or not thinking clearly.
your security is harmed by malicious script in milliseconds.
this does nothing to protect you from anything.*

it is purely a usability feature in response to shitty developers
writing shitty webapps leading to excessively long script execution
(which can thus be terminated if desired once this warning presents)

* someone may say "availability is a security requirement!". true, but
then a modem link to web 2.0 is a DoS, and there's simply no point
going down that road...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] OT: Firefox question / poll
  - From: Dan Kaminsky

References:
- [Full-disclosure] OT: Firefox question / poll
  - From: Charles Morris

Prev by Date: [Full-disclosure] TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
Next by Date: [Full-disclosure] post-XSS landscape
Previous by thread: Re: [Full-disclosure] OT: Firefox question / poll
Next by thread: Re: [Full-disclosure] OT: Firefox question / poll
Index(es):
- Date
- Thread