> On Jun 25, 2016, at 10:34 AM, Alan Coopersmith <alan.coopersm...@oracle.com> wrote:
> 
> On 06/24/16 06:54 AM, Brandon Perry wrote:
>> I am posting this to Full Disclosure/OSS instead of reporting it because I have
>> opened a handful of libical bugs in the Mozilla bug tracker, alerted
>> secur...@mozilla.org, and worked to show how and
>> where to reproduce the bugs in Thunderbird, but Mozilla hasn’t shown any care at
>> all about the bugs. Perhaps if I give a sample to the community of the bugs in
>> the bug reports, Mozilla will take the bug reports more seriously. This bug
>> attached had not been reported yet.
> 
> Did you report them to libical upstream?  http://libical.github.io/libical/

I had initially asked for contact information regarding reporting potentially 
sensitive security test cases, but after a couple of days, I decided to look 
into another product that I figured would have more visibility and more power 
to get things fixed.

https://github.com/libical/libical/issues/235
> 
>> My roommate mentioned Thunderbird being a second-class citizen in the Mozilla
>> world, so if this is the case, this should be made explicit in regards to bug
>> bounty expectations.
> 
> While Thunderbird is still a beloved child of Mozilla, it's been told it's time
> to move out of its parents' house and find its own sources of income/support:
> 
> https://groups.google.com/d/msg/mozilla.governance/kAyVlhfEcXg/Eqyx1X62BQAJ
> https://blog.mozilla.org/thunderbird/2015/12/thunderbird-active-daily-inquiries-surpass-10-million/
> 
> --
>       -Alan Coopersmith-              alan.coopersm...@oracle.com
>        Oracle Solaris Engineering - http://blogs.oracle.com/alanc

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
