[X4U] Re: Serious OS X Security Vulnerability
DZ-Jay
dz at caribe.net
Fri Apr 8 12:21:15 PDT 2005
Timothy J. Luoma wrote:
>
> ...... Original Message .......
> On Thu, 07 Apr 2005 15:00:11 -0400 "DZ-Jay" <dz at caribe.net> wrote:
>
>>A few months ago, someone announced a security bug in
>>every IDN-enabled web browser (Opera, Mozilla, FireFox, among others),
>>and claimed that of all developers contacted, Opera Software brushed it
>>off as "its not our problem", while the Mozilla Foundation was quickly
>>working on a fix.
>
>
> That's a partial truth, at best. Opera is correct that the problem exists at a lower level
> than the browser. They also released a patched version around the same day that Mozilla had a
> public fix (and not just a CVS checkin) available.
But that's not the point. The point was that whoever reported the
vulnerability claimed, in his original advisory, something like like
"Opera says its not their problem and they are not going to do anything
about it." (I paraphrase), which turned out to be not quite accurate.
That's why I said I would be interested in knowing Apple's position on
the sudo issue, from Apple.
dZ.
More information about the X4U
mailing list