[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Thunderbird leak



* on the Mon, Jan 27, 2014 at 08:13:58AM -0600, Joe Btfsplk wrote:

>>> What is the bug number?
>> https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs
>>
>> "The bugzilla report is currently locked from being viewed, but for when
>> it becomes unlocked, here it is: bug 700979"
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=700979
>>
> That's odd.  Once logged into bugzilla, I've never seen "you are not 
> authorized to view this bug."  But maybe it happens.
> Why would they lock it so others can't add to comments, unless they know 
> it's a problem & want to keep a lid on it, till find a fix?

Security related bugs are hidden by default and only made public when
a fix is rolled out. This is very common. They are aware that this issue
is now public information so I assume they'll be unlocking it at some
point.

Unfortunately, in this instance, I think this private disclosure has
allowed the issue to go unfixed for a long time. I probably should have
made it public much sooner.

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk