 envoid
join:2002-12-21
Duluth, GA | hmmmm said by mozillazine :
According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public "after a run-in with Mozilla staff".
»www.mozillazine.org/talkback.htm···cle=7307
tho supposedly he didn't post it sunday but tuesday. sounds like personal issues getting in the way. |
|
|
|
| "Supposedly"? Again, I refer you to »bugzilla.mozilla.org/show_bug.cgi?id=307259.
It was reported on the sixth by Tom Ferris. The developers who fixed it made no personal comments about him, were quick to respond, did not underrate the bug's severity, and were clearly actively fixing it. Ferris, however, didn't ever actually respond to the bug after he'd posted it (he interpreted it incorrectly). When he posted on Secunia, he claimed there was a "run-in" with the Mozilla module owners; I'm not sure where the run-in came in. Nor am I sure why he posted it... |
|
 recoil0Premium
join:2005-02-22
Exton, PA | and firefox doesn't have automatic updates for this in the new browser? It should at least be sent out as optional. |
|
| Agreed. In fact, all the Mozilla folks agree with you, especially since they want to test the automatic update system more thoroughly. They intend to send out the patched build starting on Monday, since it takes a while to set up and they want to be able to deal with any regressions. Until then, the extension works fine (or you can compile the build from source, like I did, but that's not an option for most people). |
|
