If at first you don't succeed; call it version 1.0
Wednesday, 14 December 2005

After 5 months, Mozilla foundation have finally updated their advisory, and set the severity status to 'Critical'.

This small "victory" actually expose the hypocrisy of the Security Community. Many times before we have seen security experts bashing Microsoft for downplaying vulnerabilities (even patched ones). But, when it comes to Mozilla products, the silence of the community rumbles.

I hope this incident will set a red flag at Mozilla foundation, and they'll do better in the future with their vulnerabilities management. Just a reminder - they have yet to take back their claim of ZIPL0CK's DoS finding to be just a 'minor' issue.

I've also encountered some disturbing information regarding FireFox users who haven't upgraded their browser, and are still vulnerable to the InstallVersion.compareTo() vulnerability. I will publish this info soon.
If you are still using old version of FireFox please upgrade as soon as possible.

 


Wednesday, 14 December 2005 14:09:50 UTC | Comments [0] | Security#
Comments are closed.     
Send me an Email
Follow me on Twitter
RSS Feeds
  
Blogroll
Archive
Admin Login
Sign In
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.