July 13, 2004

A really fast fix... Or was it?

Many people in the Mozilla world are highlighting how fast the Windows shell vulnerability, such as MozillaZine.

Most of the focus has been on this, however, recently, there have been several people pointing out that this bug is over two years old, including this post from the same article. The first time I heard of it was on the same blog that announced the timeline; in this piece, Adam suggests that the fix is a really a band-aid, and proposes some ways to really fix the bug and prevent others like it.

Arguably, this bug is not really in Mozilla, but more in the fact that Mozilla uses a component that allows the exploit to exist. Specifically, Microsoft Word and MSN Messenger have the same issue, and like many other exploits in Microsoft's products, this will probably go unfixed for a while. To make this more concrete, Meryl Evans compares to exploit to another application.

This does beg a question of how many other bugs are like this in the current code, but on the plus side, at least they fix their bugs...

Posted 3 weeks, 2 days ago on July 13, 2004
The trackback url for this post is http://www.eyt.ca/blog/bblog/trackback.php/38/

Comments have now been turned off for this post. If you want to share something, please e-mail me.


Recent Posts