Timeline of Mozilla shell: Security Vulnerability

Friday July 9th, 2004

Adam Sacarny writes: "I have created a timeline of the latest security bug. It shows how quickly the Mozilla developers handled the problem, tracking from the first mention in Bugzilla to the last CVS commit to the webpage. Readers get a peak into how development works over at, in particular into how security issues get resolved."

We reported on the shell: security vulnerability yesterday. A NewsForge commentary also praises the speed with which the exploit was patched. A slightly more pessimistic view can be found in an article from Enterprise Security Today (part of the NewsFactor Network) entitled Mozilla Security Nightmare Begins (according to Bart Decrem, the author of the article did contact the Mozilla Foundation for comments but they lost his number and could not return the call).

Update: Adam, author of the timeline, has written a followup post with further commentary on the bug and its fix.

#30 Misleading NewsFactor Article "Somewhat" Corrected

by peterlairo <>

Wednesday July 14th, 2004 1:31 AM

You are replying to this message

NewsFactor had a completely misleading headline called "Mozilla Security Nightmare Begins" <http://enterprise-securit…tory.xhtml?story_id=25807> The article is reproduced on YahooNews and most readers have written furious reviews about the POOR JOURNALISM: <…40709/tc_nf/25807&e=3>

Today NewsFactor released another article that seems an attempt at backtracking from their previous blunder, called "Mozilla Browser Flaw: Is Windows To Blame?" <…tory.xhtml?story_id=25835>

Unfortunately, this new article's headline is much weaker, and even creates "uncertainty" an "doubt" (as in FUD), and they still refer to it as a "Mozilla Browser Flaw".

It seems will need some agressive strategy to deal with this misleading articles. I suggest high level (Mitchell,...) talks and pressure, as well as letting the user base know how to help (e.g., scathing reviews).