Mozilla team responds to Zalewski's bug reports

By Justin Mann on
Yesterday, we and many other sites reported on some newly discovered vulnerabilities in Firefox and Internet Explorer. The Mozilla team has already researched these bugs and have posted a response concerning the severity and impact of them. On the Mozilla blog, bugs 382686 and 376473 are mentioned. The former was actually reported two months ago, whereas the latter was made known originally in late May.

Interestingly, individually the bugs have received “low” severity ratings, meaning that more critical flaws will be addressed first. However, as stated on the blog yesterday, used together they could equal something more:

UPDATE 06/05/2007 2:27 PDT: These two bugs may be used together to allow an attacker to access any file the user has access to on the system. If this is the case, that may change the severity rating to Medium.
It is nice to have developers working so openly with the community, rather than having a team “behind the scenes” that has no apparent contact with the outside world. Microsoft has not commented on when the issues with IE7 or IE6 will be addressed.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.