 bcroninPremium
join:2004-03-27
Hyde Park, NY | Aye, but as soon as it was, they release a near-immediate workaround (and already have the final fix well in the works). Thats arguably better support than MS is able to provide in most cases, imho ... |
approval from:
wtansill 
| reply to KyeU
I've posted the link to Bugzilla in two other threads on this article, so I'm not going to bother posting it again, but...
(1) The bug was reported (though not correctly) by Tom Ferris in the afternoon on September 6.
(2) Work was ongoing from the moment he reported it to the moment it was fixed (today). They were not slacking off.
(3) The fix would have gone into the next version (Firefox 1.0.7), which they are withholding because they'd like to fix a few other security-related bugs they know about, and the Firefox 1.0.x series does not have automatic update so it would unnecessarily require people to download a new browser for a simple fix.
(4) Firefox 1.5 beta 1, which does have an automatic update system, is receiving just such an update on Monday.
In the meantime, the Mozilla people have created an XPI to mitigate the problem temporarily, which they would not have had to do if the bug had not been prematurely reported on Secunia (for no discernable reason). This is the only action that they took that they would not have taken had the bug not been reported.
In light of all this, and the fact that Mr. Ferris reported it publically about two days after he submitted it to Mozilla, I'd say Mozilla reacted as best it could. |
