(comment sent per mail) Christian Schuglitsch wrote: > > And why isn't there a hint on mozilla.org that everyone should upgrade > or disbale JavaScript until a new release is out? > > I'm really disappointed about it. > > Schugy
Well, considering that Mozilla is still pre-release software (although it is now very close to 1.0) and officially doesn't provide any support for the "normal" (i.e. non distributor) user, people shouldn't expect too much. Besides, this isn't the first time security vulnerabilities were found in Mozilla, and there has never been any kind of announcement or statement regarding this. The XMLHTTP-exploit is just the first one which got any kind of publicity. I think it's the responsibility of distributors like Netscape, Beonex, etc. to inform the userbase of any security vulnerabilites, not mozilla.org's. Christian
