Re: Mozilla is excessively generous.

[Mike Shaver <shaver () mozilla org>]

> 208.191.35.126 - - [27/Jun/2001:21:07:21 -0400] "GET /~qg/billy.html HTTP/1.1" 200 333 
> "mailbox:///home/dustin/.mozilla/dustin/uo1voac3.slt/Mail/Mail/mail.ink-1.org/Inbox?number=29822904" "Mozilla/5.0 (X11; U; Linux 
> 2.2.16-22 i686; en-US; rv:0.9.1) Gecko/20010608"
>
> Would anyone working on the Mozilla project care to add dustin's password
> to this line in my web logs?  Maybe his mother's maiden name?

If you'd bothered to report this to mozilla.org, via bugzilla, rather 
than just going straight to bugtraq[*], you would probably have found 
bug 83038, which was fixed for mozilla 0.9.2.  (0.9.2 froze tonight for 
final QA before release.)

People using Mozilla < 1.0 should probably be aware that there are bugs 
remaining, and some of those bugs may affect the security of the 
application.  I don't think there are any serious ones left outstanding, 
but I may not just "serious" like you do, and there may yet be some 
undiscovered/unreported.

[*] Not that I have a problem with people mailing bugtraq to let people 
know what they should watch for, but if someone else _hadn't_ reported 
this to bugzilla, we might not have fixed it in time for 0.9.2.  I 
assume that's what you want, and that you weren't just posting to be 
clever at our expense.

Mike
(not on bugtraq, please cc: on replies)