Mozilla bug-squashing timeline

This timeline of the discovery of a critical flaw in Mozilla is amazing. It took a scant 31 hours between the moment the bug was first reported to the moment that you could download a patched version of all different Mozilla flavours and derivatives.

July 7 - 13:46 GMT - Keith McCanless files a bug in the Bugzilla Database reporting a new vulnerability. It exploits the Windows "shell:" handler and allows a malicious web page to execute a program on a client's computer (The program has to already be present on the computer). McCanless notes that the bug is "BOTH a security concern and a DOS," since if the link points to a nonexistent file, it makes the Mozilla browser spawn off endless amounts of new windows. The bug is marked private since it is security-related; only developers with proper clearance can see it. (source)...

July 7 - 18:16 GMT - Mozilla developer "timeless" creates patch closing vulnerability. He posts the patch on the Bugzilla Database so that other developers can approve it. (source) The bug had been known to the world for a matter of hours before a patch was created to fix it.

Link (via Crypto-Gram)

Cory Doctorow


Where not otherwise specified, this work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.