[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE

Giuseppe Iuculano giuseppe at iuculano.it
Mon Jul 5 21:23:44 UTC 2010


On 07/05/2010 07:37 PM, Nico Golde wrote:
> Every serious security researcher/enthusiast should question himself if a note 
> such as "poc doesn't work" is acceptable. Imho it's not, it's a PoC, nothing 
> more. If a PoC doesn't work that doesn't mean there is no vulnerability. Such 
> notes are also not acceptable for the security tracker. If it can't work 
> because of something else or there is more reasoning behind that, please note 
> it and be verbose.

In this specific case this CVE seems to me a little weird. There is only
a PoC that doesn't work in any browser (chromium included).
So if you mean that we should track all browsers vulnerable to
ClickJacking, I think this is a little insane, practically all browsers
are vulnerable.


Cheers,
Giuseppe.
