Timeline of Mozilla shell: Security Vulnerability
Friday July 9th, 2004
Adam Sacarny writes: "I have created a timeline of the latest security bug. It shows how quickly the Mozilla developers handled the problem, tracking from the first mention in Bugzilla to the last CVS commit to the webpage. Readers get a peek into how development works over at mozilla.org, in particular into how security issues get resolved."
We reported on the
Update: Adam, author of the timeline, has written a followup post with further commentary on the bug and its fix.
#11 Re: Re: Need help? Do it yourself
Saturday July 10th, 2004 6:04 AM
> Let me remind you that the problem is initially a Windows
> problem. Shell: is inherently insecure. Mozilla's mistake was
> only to allow it to the world.

Hmmm... Just "shell:"?!? I think that at least some folks would say that the whole idea of blacklisting protocol handlers (as opposed to whitelisting or more radical approaches) was a ticking bomb from the get-go (and known as such for about two years)! "shell:" [kind of] exploded now, though luckily [so far] it seems like it went off in a desert. Next time things could get way worse...