Jul 13, 2004

A really fast fix... Or was it?

Many people in the Mozilla world, such as MozillaZine, are highlighting how fast the Windows shell vulnerability was fixed.

Most of the focus has been on this. Recently, however, several people have pointed out that this bug is over two years old. Adam Sacarny suggests that the fix is really a band-aid, and proposes some ways to really fix the bug and prevent others like it.

Arguably, this bug is not really in Mozilla, but more in the fact that Mozilla uses a component that allows the exploit to exist. Specifically, Microsoft Word and MSN Messenger have the same issue, and like many other exploits in Microsoft's products, this will probably go unfixed for a while. To make this more concrete, Meryl Evans compares the exploit to another application.

This does beg a question of how many other bugs are like this in the current code, but on the plus side, at least they fix their bugs...

