Re: On Mozilla-* updates
On Tue, Aug 02, 2005 at 02:29:51PM +0200, Moritz Muehlenhoff wrote:
> If the isolated patches were pulled from Mozilla Bugzilla by Matt Zimmermann
> (who appears to be Debian's Mozilla security delegate) and published as part
> of a DSA this would point to the core of each vulnerability and make exploit
> creation easier than reconstructing this information from the large interdiffs
> between their stable releases. This tends towards security through obscurity,
> but seems to be Mozilla's policy for bugs with their internal "Critical"
> severity.
Getting access to the patches is not a significant obstacle; the issue is
that they often don't apply to versions which are a few months old.
--
- mdz
Reply to: