MozillaWiki

Security Severity Ratings/Merge: Difference between revisions

Page Discussion

Security Severity Ratings/Merge (view source)

Revision as of 18:55, 21 March 2012

71 bytes added ,  21 March 2012
→‎Severity Ratings
Line 60: Line 60:
* Content spoofing (non-html)  
* Content spoofing (non-html)  


;'''sec-other''': Bugs that may not be exploitable security issues but are kept confidential to protect sensitive information. Bugs that contain sensitive information about the bug submitter or another user Bugs that are related to security issues currently unfixed in Mozilla products or other products
''Examples:''
* Flaws we need to track that are not in our code base


;'''Mitigating Circumstances''':
;'''Mitigating Circumstances''':
Line 66: Line 70:
As a rough guide, to be considered for reduction in severity an exploit should  execute successfully less than 10% of the time.  If measures can be taken to improve the reliability of the exploit to over 10% (by combining it with other existing bugs or techniques), then it should not be considered to be mitigated.
As a rough guide, to be considered for reduction in severity an exploit should  execute successfully less than 10% of the time.  If measures can be taken to improve the reliability of the exploit to over 10% (by combining it with other existing bugs or techniques), then it should not be considered to be mitigated.


;'''sec-other''': Bugs that may not be exploitable security issues but are kept confidential to protect sensitive information. Bugs that contain sensitive information about the bug submitter or another user Bugs that are related to security issues currently unfixed in Mozilla products or other products
 
|}
|}


Curtisk
canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/410185"