Mozilla Privacy Bug
Saturday September 14th, 2002
Yesterday, ZDNet UK News reported that Mozilla has a privacy flaw involving HTTP referers. The flaw can be exploited using the
The bug was filed in Bugzilla as bug 145579 on Sunday 19th May, with the more serious
UPDATE! Bug 145579 has now been made public.
ANOTHER UPDATE! A fix has been checked in to the trunk. A patch for the 1.0 branch will follow shortly.
YET ANOTHER UPDATE! A patch has now been checked in to the 1.0 branch.
#61 Re: Track Record
Thursday September 19th, 2002 5:28 AM
"Actually, that is quite a track record."
It is quite a track record alright. Quite a meaningless and irrelevant one. If you regard you and your 'thousands of users' web browsing in a < 1% browser in an IE world without recourse as any sort of proof that the browser itself is secure, then you better guess again. Your entire logic behind that is broken and flawed. Which brings me to a question. A question that some of the fine folks here at Mozillazine often like to throw in the face of an IE user. A question that I am going to love to ask right now. How do you know you were never compromised? Of the thousands of Mozilla users of whose web browsing you have intimate knowledge, how do any of them know? Just between Mozilla 1.0 and 1.0.1 there were 25+ security fixes. How do you know that no one has succumbed to any of those? Those were rhetorical questions, of course. The fact is that you don't know.
"Sorry - you're just plain wrong. If software can be exploited, it will be exploited."
I'm going to give you the opportunity to think about what you just said before I rip it to pieces. Take a few deep breaths.... and think for a moment. Think hard if you have to.
"Maybe you should work in the real world with actual browsers in actual use. Then you can tell me about real-world comparisons, not what you think based on only your experience."
This really applies to you more than anyone else. While I don't claim to have personally interviewed ten million web surfers or examined the source code to 2 billion web pages, between work and personal life, my experience is quite firmly grounded in the real world. In fact, I believe it is the other way around in regards to what you said. I think it is you who needs to get out in the real world. I think it is you who needs to get out in the real world because when I see someone, anyone, speaking on the behalf of experiences from thousands of users, hackers, etc... I know they are about as full of poop as a Christmas goose.