Timeline of Mozilla shell: Security Vulnerability
Friday July 9th, 2004
Adam Sacarny writes: "I have created a timeline of the latest security bug. It shows how quickly the Mozilla developers handled the problem, tracking from the first mention in Bugzilla to the last CVS commit to the webpage. Readers get a peak into how development works over at mozilla.org, in particular into how security issues get resolved."
We reported on the
Update: Adam, author of the timeline, has written a followup post with further commentary on the bug and its fix.
#5 Why the gloating?
Saturday July 10th, 2004 12:46 AM
You are replying to this message
I don't understand all this bragging about "how good we are" in fixing security problems. Since the seeds of this bug were "red-flagged" by some users 2 years ago, and Mozilla failed to properly understand the implications then, we all should be sheepish now. And fixing by just blocking the "shell" preference will lay the foundation for the next external protocol exploit to come. See for reference: <http://bugzilla.mozilla.org/show_bug.cgi?id=167475> and <http://bugzilla.mozilla.org/show_bug.cgi?id=163767> and the comment by ROC at <http://bugzilla.mozilla.o…show_bug.cgi?id=250180#c7>