Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Mozilla is excessively generous.
From: Mike Shaver <shaver () mozilla org>
Date: Fri, 29 Jun 2001 00:36:12 -0400

208.191.35.126 - - [27/Jun/2001:21:07:21 -0400] "GET /~qg/billy.html HTTP/1.1" 200 333 
"mailbox:///home/dustin/.mozilla/dustin/uo1voac3.slt/Mail/Mail/mail.ink-1.org/Inbox?number=29822904" "Mozilla/5.0 (X11; U; Linux 
2.2.16-22 i686; en-US; rv:0.9.1) Gecko/20010608"

Would anyone working on the Mozilla project care to add dustin's password
to this line in my web logs?  Maybe his mother's maiden name?

If you'd bothered to report this to mozilla.org, via bugzilla, rather than just going straight to bugtraq[*], you would probably have found bug 83038, which was fixed for mozilla 0.9.2. (0.9.2 froze tonight for final QA before release.)

People using Mozilla < 1.0 should probably be aware that there are bugs remaining, and some of those bugs may affect the security of the application. I don't think there are any serious ones left outstanding, but I may not just "serious" like you do, and there may yet be some undiscovered/unreported.

[*] Not that I have a problem with people mailing bugtraq to let people know what they should watch for, but if someone else _hadn't_ reported this to bugzilla, we might not have fixed it in time for 0.9.2. I assume that's what you want, and that you weren't just posting to be clever at our expense.

Mike
(not on bugtraq, please cc: on replies)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault