mailing list archives
Re: Mozilla is excessively generous.
From: Mike Shaver <shaver () mozilla org>
Date: Fri, 29 Jun 2001 00:36:12 -0400
184.108.40.206 - - [27/Jun/2001:21:07:21 -0400] "GET /~qg/billy.html HTTP/1.1" 200 333
"mailbox:///home/dustin/.mozilla/dustin/uo1voac3.slt/Mail/Mail/mail.ink-1.org/Inbox?number=29822904" "Mozilla/5.0 (X11; U; Linux
2.2.16-22 i686; en-US; rv:0.9.1) Gecko/20010608"
Would anyone working on the Mozilla project care to add dustin's password
to this line in my web logs? Maybe his mother's maiden name?
If you'd bothered to report this to mozilla.org, via bugzilla, rather
than just going straight to bugtraq[*], you would probably have found
bug 83038, which was fixed for mozilla 0.9.2. (0.9.2 froze tonight for
final QA before release.)
People using Mozilla < 1.0 should probably be aware that there are bugs
remaining, and some of those bugs may affect the security of the
application. I don't think there are any serious ones left outstanding,
but I may not just "serious" like you do, and there may yet be some
[*] Not that I have a problem with people mailing bugtraq to let people
know what they should watch for, but if someone else _hadn't_ reported
this to bugzilla, we might not have fixed it in time for 0.9.2. I
assume that's what you want, and that you weren't just posting to be
clever at our expense.
(not on bugtraq, please cc: on replies)