Yesterday, we and many other sites reported on
some newly discovered vulnerabilities in Firefox and Internet Explorer. The Mozilla team has already researched these bugs and have posted a response
concerning the severity and impact of them. On the Mozilla blog, bugs 382686
are mentioned. The former was actually reported two months ago, whereas the latter was made known originally in late May.
Interestingly, individually the bugs have received “low” severity ratings, meaning that more critical flaws will be addressed first. However, as stated on the blog yesterday, used together they could equal something more:
UPDATE 06/05/2007 2:27 PDT: These two bugs may be used together to allow an attacker to access any file the user has access to on the system. If this is the case, that may change the severity rating to Medium.
It is nice to have developers working so openly with the community, rather than having a team “behind the scenes” that has no apparent contact with the outside world. Microsoft has not commented on when the issues with IE7 or IE6 will be addressed.