[tor-talk] Thunderbird leak
Mike Cardwell
tor at lists.grepular.com
Mon Jan 27 14:40:29 UTC 2014
* on the Mon, Jan 27, 2014 at 08:13:58AM -0600, Joe Btfsplk wrote:
>>> What is the bug number?
>> https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs
>>
>> "The bugzilla report is currently locked from being viewed, but for when
>> it becomes unlocked, here it is: bug 700979"
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=700979
>>
> That's odd. Once logged into bugzilla, I've never seen "you are not
> authorized to view this bug." But maybe it happens.
> Why would they lock it so others can't add to comments, unless they know
> it's a problem & want to keep a lid on it, till find a fix?
Security related bugs are hidden by default and only made public when
a fix is rolled out. This is very common. They are aware that this issue
is now public information so I assume they'll be unlocking it at some
point.
Unfortunately, in this instance, I think this private disclosure has
allowed the issue to go unfixed for a long time. I probably should have
made it public much sooner.
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140127/ceef4222/attachment.sig>
More information about the tor-talk
mailing list