OK, everyone, let's try to cool it a bit. This discussion is extremely important, so let's not let it deteriorate into bickering. Otherwise, I'll have to moderate it, a task I don't enjoy.
Kudos to all of you who have already expressed a similar sentiment, Yosem, one of the moderators On Wed, Aug 7, 2013 at 9:50 AM, Al Billings <[email protected]> wrote: > No and no. > > It was an issue found by a external security researcher who has submitted > a lot of issues to us over time. He found it through his process of > investigation and reported it directly to us (responsible disclosure and > such). It was a problem and we fixed it. The first indications of any > exploit using it at all were when things happened with Tor this last > weekend. > > If an unfixed bug is being used in the wild, that's a 0 Day and we'll > scramble to fix it if the bug is severe enough to merit it. If it is a bug > that we've already fixed, we'll investigate to see if further mitigation is > necessary and if there is anything further to be done. We had people spend > their Sundays looking at the bug in question before it was completely > narrowed down, double-checked, and confirmed to be the older issue that had > been fixed in the current release of the time (we actually had another > normal release yesterday as it is that time on the six week clock). > > Al > > -- > Al Billings > http://makehacklearn.org > > On Wednesday, August 7, 2013 at 2:58 AM, Jacob Appelbaum wrote: > > Al - did Mozilla know it was being exploited in the wild, a month ago? > Was there a known difference at the time between this bug and say, the > others which were fixed in the ESR17 release cycle? > > > > -- > Liberationtech list is public and archives are searchable on Google. Too > many emails? Unsubscribe, change to digest, or change password by emailing > moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
