MozillaZine

Reporting and Nominating Bugs for Mozilla Firefox 1.0

Thursday April 29th, 2004

Ben Goodger writes: "We're beginning the drive to Firefox 1.0 and we need to make sure that every bug people think is important is filed in Bugzilla and has a blocking0.9? or blocking1.0? request flag set. This will allow the FDT (heh) to develop an action plan for the milestones between now and 1.0, prioritize bugs and so on. It's essential that people start doing this now, rather than later, otherwise bugs might slip through the cracks!" Further details are available in Ben's posting to the Firefox forums.


#69 Security Issues in extensions

by bugs4hj <bugs4hj@netscape.net>

Saturday May 1st, 2004 4:12 AM

You are replying to this message

"As I recall both TBE and whatever the other popular tabbrowser extension was had security holes (some of which were even shared by Firefox itself, but they got patched in firefox and I'm not sure anyone contacted the extension authors)."

MultiZilla? NO. We follow the CVS logs very closely. In fact, we found two security issues in the Mozilla source and one is still not fixed. Also, Mozilla 1.6 has unsolved security bugs so it's not just extensions that expose people to security risk. Hmm, I guess its Ok for you to use a browser with security issues ;)

Again, I do apply (security) patches from CVS, as soon as I know about them, and Boris you nor anybody else ever send me any e-mails! I also checked the Mozilla Firefox source and found nothing so thank you for adding this misconception.

Finally, about this "...every single view-source-and-cache-interaction bug..." That's not a real (hard) security issue is it?

P.s. what file was patches again? I don't see anything patched (security related). Here's just one example: <http://bonsai.mozilla.org…nt/widgets/tabbrowser.xml> NADA