Timeline of Mozilla shell: Security Vulnerability
Friday July 9th, 2004
Adam Sacarny writes: "I have created a timeline of the latest security bug. It shows how quickly the Mozilla developers handled the problem, tracking from the first mention in Bugzilla to the last CVS commit to the webpage. Readers get a peak into how development works over at mozilla.org, in particular into how security issues get resolved."
We reported on the
Update: Adam, author of the timeline, has written a followup post with further commentary on the bug and its fix.
#17 Re: Why does this kind of functionality exist ....
by vcs2600 <firstname.lastname@example.org>
Saturday July 10th, 2004 3:01 PM
You are replying to this message
Note that this cuts both ways. A lot of people, here and elsewhere, were unhappy that Mozilla ignored their system "mailto:" handler setting.
Is the end user expected to set up a protocol handler (say "ssh://" or "news:" or "rtsp://") for every single program they use? That seems a little silly (but probably is the situation normal on Unix).
When the recent Mac/Safari protcol handler bug came out, there was some actual _productive_ discussion on this topic rather than pointing fingers at Windows or IE or whatever. One point made was that the API (or registry) should indicate whether the protocol handler is "safe" or not to launch from a webpage.