MozillaZine

Timeline of Mozilla shell: Security Vulnerability

Friday July 9th, 2004

Adam Sacarny writes: "I have created a timeline of the latest security bug. It shows how quickly the Mozilla developers handled the problem, tracking from the first mention in Bugzilla to the last CVS commit to the webpage. Readers get a peek into how development works over at mozilla.org, in particular into how security issues get resolved."

We reported on the shell: security vulnerability yesterday. A NewsForge commentary also praises the speed with which the exploit was patched. A slightly more pessimistic view can be found in an article from Enterprise Security Today (part of the NewsFactor Network) entitled Mozilla Security Nightmare Begins (according to Bart Decrem, the author of the article did contact the Mozilla Foundation for comments but they lost his number and could not return the call).

Update: Adam, author of the timeline, has written a followup post with further commentary on the bug and its fix.


#16 Re: Re: foobar

by dmccunney

Saturday July 10th, 2004 2:35 PM

"(according to Bart Decrem, the author of the article did contact the Mozilla Foundation for comments but they lost his number and could not return the call)."

Perhaps I'm a curmudgeon, but this dismays me.

For Mozilla-based browsers to truly succeed in the market, we need to gain mind-share among corporate users as well as folks at home. I use Mozilla as my default browser at home, but on desktops at the office, the standard is IE. *I've* installed Mozilla there on my machine, too, but I'm on the IT staff. The vast majority won't switch unless management make a decree that henceforth the standard shall be Mozilla. (And even if they want to, most users have Win2K boxes with policies that won't *let* them install their own software. Me or one of my peers must do it for them.)

For that to happen, Mozilla *must* have better marketing. It should be *somebody's* job at the Mozilla Foundation to deal with stuff like this, and when a member of the press calls to get comments on an upcoming article, the number should *not* be lost.

I'd say this is something the Foundation's newly hired product manager needs to address ASAP.

______
Dennis