Of course there are unreleased 0-days, but you can’t do anything about it. Most of them are even kept secret by companies that sell spy software. However, public 0-days are way more dangerous because they are being exploited actively.
Using a different browser until a particular issue is fixed when you are e.g. a journalist still helps with getting hacked.
Of course there are unreleased 0-days, but you can’t do anything about it.
And that’s exactly my point.
Using a different browser until a particular issue is fixed when you are e.g. a journalist still helps with getting hacked.
Actually no. Because you never know what currently unfixed 0-day is actively exploited in any browser. Using Gecko or Chromium today because WebKit had a security flaw yesterday doesn’t make anything safer. It might comfort you, but that’s it.
The only important metric is the number of 0-days discovered per year per engine. It’s a matter of probability.
Changing engines would be like changing dice because you had a bad number, without knowing how many sides you’ll get with the new ones.
Ah, now I got what you meant. I was just suggesting switching temporarily while the published 0-day would be public and unpatched, because this is the time in which the issue would be exploited the most.