Mozilla Security Hole

Tuesday April 30th, 2002

Anonymous reports: "Grey Magic is reporting a minor security hole in Mozilla builds from at least 0.9.2 up to the current trunk and 1.0 branch. A bug has been filed in bugzilla, and will be opened to the public to view once the fix has been made. This also affects Netscape browsers from at least 6.1 on. There are no known uses of the vulnerability at this time." We'll let you know when a patch has been checked in for this.

On a side note, Grey Magic recommends that users "should move to a better performing, less buggy browser," on their vulnerability page. Looking at the open issues for it, IE clearly doesn't seem like the better choice.

UPDATE! A fix has been checked into the trunk, and has been approved for checkin to the 1.0 branch. Expect it to be in nightly builds for both branch and trunk starting tomorrow.

#98 Re: maybe Netscape should move a bit faster

by SubtleRebel <>

Thursday May 2nd, 2002 12:39 PM

You are replying to this message

Personally I hate receiving form letters that say "we got your email..." because it really does not mean that anyone has read it or anything. Whether or not you receive such an email, the message can still get lost before it gets to the right person.

The statement that "Netscape officials were unavailable for comment." means nothing either. As I write this post, I have no Netscape officials available for comment; I also have no officials from Microsoft available for comment; in fact, I do not see anyone (besides me) around, official or not, who is available for comment. It is doubtful that the author made any significant attempt to contact someone at Netscape who was qualified to comment on the matter.

Regardless, Grey Magic reacted unprofessionally. If they know anything about large corporations then they should realize that if you want to get a message to developers quickly, you do not contact the marketing department.

As for the whole bounty thing, I would think that if Grey Magic had filed a bug in Bugzilla then Netscape would be just as inclined to honor that for the Bounty as they would for anything.