Comments on: Firefox 3 Untimely Security Advisory

By: hackademix.net » Yahoo!'s Attitude Encouraging Zero Day Full Disclosure?

hackademix.net » Yahoo!'s Attitude Encouraging Zero Day Full Disclosure? — Tue, 01 Jul 2008 14:51:47 +0000

[…] processes, and “reward” reporters, not necessarily with money prizes, which may become dangerous when they feed an anonymous, uncontrolled vulnerability brokerage market. Most of these guys would […]

By: MJR's slef-reflections: Firefox 3, day 6: security flaw and banks

MJR's slef-reflections: Firefox 3, day 6: security flaw and banks — Mon, 23 Jun 2008 13:06:40 +0000

[…] didn’t spot this when I wrote my last post, but it seems there’s a security alert for FF3 already - hackademix.net: Firefox 3 Untimely Security Advisory - but it also affects FF2 and probably my cautious Javascript settings are enough to stop it […]

By: ADH

ADH — Sun, 22 Jun 2008 16:36:52 +0000

It happens many a times that there are some bugs in the old foundation(reusable modules) of software products which gets exposed when newer software versions are build on it. This case is very common with Windows. When Vista is tested for some attack/security hole , its also found to affecting XP.
Such incidences proves the need of thorough and continuous regression of the foundational classes/reusable modules.

By: Robert Accettura

Robert Accettura — Fri, 20 Jun 2008 00:14:51 +0000

I’m not a conspiracy theorist. I’m a skeptic. ;-)

By: Primera vulnerabilidad en Firefox 3 « HispaSystem Group Blog

Primera vulnerabilidad en Firefox 3 « HispaSystem Group Blog — Thu, 19 Jun 2008 21:34:26 +0000

[…] Mozilla ya investiga el asunto. Según Giorgio Maone, una vez más los usuarios de NoScript estarían a salvo […]

By: Mark

Mark — Thu, 19 Jun 2008 20:05:21 +0000

*Exactly* the same thing (although not tipping point) happened with wordpress 2.5 as well.

It seems fashionable to find bugs in RC releases and wait until RELEASE to publish them.

By: Firefox 3: una vulnerabilidad está siendo investigada | Zona Firefox

Firefox 3: una vulnerabilidad está siendo investigada | Zona Firefox — Thu, 19 Jun 2008 18:50:54 +0000

[…] la delantera en tan embarazoso rubro, pero si te preocupa este problema siempre puedes seguir la recomendación de Giorgio Maone: instalar […]

By: Giorgio

Giorgio — Thu, 19 Jun 2008 17:35:11 +0000

@Mark Downling:

release did flush it out before autoupdate kicked in for the 2.0.x stream, which is nice…

Not sure, why exactly is it nice, considered that this bug affects Firefox 2.0.x as well?

By: Mark Dowling

Mark Dowling — Thu, 19 Jun 2008 17:28:33 +0000

It might be untimely but I have no doubt that it was, in fact, timed by those who found it to appear on/after Download Day rather than reported during the RC process. I wonder if there’s a way to tweak bug bounties so that RC bugs get more $$…

That said, release did flush it out before autoupdate kicked in for the 2.0.x stream, which is nice…

By: Congrats to Mozilla’s Download Day « I’m Just an Avatar

Congrats to Mozilla’s Download Day « I’m Just an Avatar — Thu, 19 Jun 2008 14:57:27 +0000

[…] the news is not all good for Firefox 3, as the first vulnerability was announced while millions of people were still helping go for the record. Window Snyder, […]