Security Reporting - how critical is "Critical"?
What's the difference between these two vulnerability reports?
- Firefox "focus()" Memory Corruption Weakness
- Internet Explorer "object" Tag Memory Corruption Code Execution
Okay, so the first couple of differences are obvious - the Firefox one is "Not Critical", as it is a "Denial of Service" attack; the Internet Explorer one is "Highly Critical", as it allows "System Access" (execution of code).
Now, let's look at the details - particularly, the original advisories on which these are based...
The Firefox bug: "can be exploited to corrupt the memory and cause a crash...", "By manipulating this feature a buffer overflow will occur."
The Internet Explorer bug: "At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one."
Okay, so in neither case has remote code execution been demonstrated. Each one allows a remote attacker to corrupt memory. Why the difference in criticality?
Obviously, I'm missing something here, but I'm not sure what it is. Anyone out there have a better clue than I do?