On 2013-08-07, at 12:58 PM, Jacob Appelbaum <[email protected]> wrote:
> Nadim Kobeissi: >> >> On 2013-08-07, at 12:44 PM, Jacob Appelbaum <[email protected]> wrote: >> >>> Bbrewer: >>>> "We're understaffed, so we tend to pick the few things we might >>>> accomplish and writing such advisory emails is weird unless there is an >>>> exceptional event. Firefox bugs and corresponding updates are not >>>> exceptional events. :(" >>>> >>>> Pardon me, >>>> But it does seem that this one was. >>>> >>>> No? >>> >>> Yeah, this was such a case - a month ago, we didn't know it was such a >>> case - no one did, not even Mozilla. >> >> That's funny — didn't Mozilla issue a security advisory for it a month ago? >> That would imply that they actually did know that it was such a case. >> > > The exploit is the exceptional event. Roger just covered this with > exceptional clarity. > > Al - did Mozilla know it was being exploited in the wild, a month ago? > Was there a known difference at the time between this bug and say, the > others which were fixed in the ESR17 release cycle? Does an exploit need to exist in the wild and be discovered first in order to warrant a security advisory? I didn't know this! NK > > All the best, > Jacob > > -- > Liberationtech list is public and archives are searchable on Google. Too many > emails? Unsubscribe, change to digest, or change password by emailing > moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
