UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Yet another security issue
Moderators: Antony, Edward, profman, Ramona
5 posts
• Page 1 of 1
Yet another security issue
by James » Mon 29 Nov, 2004 10:29 pm
http://www.internetnews.com/security/ar ... hp/3440971
James
-
James - diamond member
- Posts: 2707
- Joined: Sat 13 Jul, 2002 12:10 am
- Location: Pacific NW USA
by Fulvio » Mon 29 Nov, 2004 11:09 pm
As long as there is software, there will be vulnerabilities.
It is dated today, but there may be patching problems since the guy who found the vulnerability went public after having reported it.
Apparently all browsers are affected.
It is dated today, but there may be patching problems since the guy who found the vulnerability went public after having reported it.
Apparently all browsers are affected.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b4
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b4
-
Fulvio - Moderator
- Posts: 11916
- Joined: Wed 19 Jun, 2002 10:08 am
by J-M » Tue 30 Nov, 2004 2:51 pm
Fulvio wrote:It is dated today, but there may be patching problems since the guy who found the vulnerability went public after having reported it.
It's very irresponsible to report to security mailing list before contacting the vendor, I think that is as objectionable with "good" mailing lists and so-called underground lists.
Always registration to mozilla.org's Bugzilla site is not necessary. It is recommended, but if you want to stay anonymous or are not 100 % sure if selection 'Check this box if this is a security problem that needs to be kept confidential' is necessary, maybe it's better to use reporting mail address;
security @ mozilla.org. More information about this is available here http://www.mozilla.org/projects/securit ... olicy.html .
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.5) Gecko/20041108 Firefox/1.0
-
J-M - diamond member
- Posts: 815
- Joined: Sun 25 Jul, 2004 9:16 am
- Location: Helsinki, Finland
by Fulvio » Tue 30 Nov, 2004 3:29 pm
The way I read the article, I can see two possible happenings. One that the guy reported to Microsoft, but did not to the mozilla community. And, that only after the press conference someone report to bugzilla.
The way the article is written, I can't tell what happened.
I have to make a couple comments about Bugzilla. It may have changed, but it is a pain to report anything. Secondly, some people have this feeling that reporting is the same as expecting immediate results.
I have been in beta testings, and so many people are indignant because they got no reply nor action within 48 hrs or less.
The way the article is written, I can't tell what happened.
I have to make a couple comments about Bugzilla. It may have changed, but it is a pain to report anything. Secondly, some people have this feeling that reporting is the same as expecting immediate results.
I have been in beta testings, and so many people are indignant because they got no reply nor action within 48 hrs or less.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20041122 Firefox/0.5.6+
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b4
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b4
-
Fulvio - Moderator
- Posts: 11916
- Joined: Wed 19 Jun, 2002 10:08 am
by J-M » Wed 01 Dec, 2004 2:24 pm
Fulvio wrote:The way I read the article, I can see two possible happenings. One that the guy reported to Microsoft, but did not to the mozilla community.
A reporter writes:
"I'd have loved to CC mozilla about this, but I didn't have the time"
[continues]
It is possible that this person didn't want to contact mozilla.org, by sending a mail (''CC") or filling a bug report, at all. This is very sad. Maybe a new tendency, anti-Mozilla people is founded, however?
Maybe a quite new word, Google shows 586 hits. (136 of these are most relevant results).UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.5) Gecko/20041108 Firefox/1.0
-
J-M - diamond member
- Posts: 815
- Joined: Sun 25 Jul, 2004 9:16 am
- Location: Helsinki, Finland
5 posts
• Page 1 of 1
Return to Firefox, SeaMonkey and Netscape
Who is online
Registered users: Alexa [Bot], Anonymosity, Google [Bot], Yahoo [Bot]
