No and no. It was an issue found by a external security researcher who has submitted a lot of issues to us over time. He found it through his process of investigation and reported it directly to us (responsible disclosure and such). It was a problem and we fixed it. The first indications of any exploit using it at all were when things happened with Tor this last weekend.
If an unfixed bug is being used in the wild, that's a 0 Day and we'll scramble to fix it if the bug is severe enough to merit it. If it is a bug that we've already fixed, we'll investigate to see if further mitigation is necessary and if there is anything further to be done. We had people spend their Sundays looking at the bug in question before it was completely narrowed down, double-checked, and confirmed to be the older issue that had been fixed in the current release of the time (we actually had another normal release yesterday as it is that time on the six week clock). Al -- Al Billings http://makehacklearn.org On Wednesday, August 7, 2013 at 2:58 AM, Jacob Appelbaum wrote: > Al - did Mozilla know it was being exploited in the wild, a month ago? > Was there a known difference at the time between this bug and say, the > others which were fixed in the ESR17 release cycle?
-- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
