Re: [OT] security bug with firefox and add-on

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




On 03/09/16 12:46, Mike - st257 wrote:
>> On Wed, Mar 9, 2016 at 1:38 PM, g <geleem@xxxxxxxxxxxxx> wrote:
<<>>

> What version of CentOS and Firefox?
>
--

centos 6.7, firefox 38.6.1.

<<>>

>> so my question is just who should i inform of problem?
>>
>> mozilla.org? author of add-on? cve.mitre.org? all 3?
>
> Author of the add-on would be my first stop.
>
> If it turns out to be a larger bug affecting more than just that add-on,
> hopefully the add-on author will run it up the chain to Mozilla.
>
--

reason in bring this up is if a hacker hacks someone's system and has
knowledge of bug, he most likely will have disassembled add-on and knows
what he needs to know to cause serious problems.

at first, i thought author. after posting and more thought time, authors
tend to be too lax in testing and slow in fixing.

as for mozilla.org, their attitude has become 'not fixable, upgrade to
later version', which in many cases is not doable.

with cve.mitre.org, they just might issue a 'CESA' to remove add-on and
reinstall firefox, do not use add-on until bug is fixed.


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux