> 208.191.35.126 - - [27/Jun/2001:21:07:21 -0400] "GET /~qg/billy.html HTTP/1.1" 200 333 "mailbox:///home/dustin/.mozilla/dustin/uo1voac3.slt/Mail/Mail/mail.ink-1.org/Inbox?number=29822904" "Mozilla/5.0 (X11; U; Linux 2.2.16-22 i686; en-US; rv:0.9.1) Gecko/20010608" > > Would anyone working on the Mozilla project care to add dustin's password > to this line in my web logs? Maybe his mother's maiden name? If you'd bothered to report this to mozilla.org, via bugzilla, rather than just going straight to bugtraq[*], you would probably have found bug 83038, which was fixed for mozilla 0.9.2. (0.9.2 froze tonight for final QA before release.) People using Mozilla < 1.0 should probably be aware that there are bugs remaining, and some of those bugs may affect the security of the application. I don't think there are any serious ones left outstanding, but I may not just "serious" like you do, and there may yet be some undiscovered/unreported. [*] Not that I have a problem with people mailing bugtraq to let people know what they should watch for, but if someone else _hadn't_ reported this to bugzilla, we might not have fixed it in time for 0.9.2. I assume that's what you want, and that you weren't just posting to be clever at our expense. Mike (not on bugtraq, please cc: on replies)
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 01:39:56 PDT