Re: [Full-Disclosure] Netscape Problems.

From: Ben Bucksch (ben.bucksch.news@beonex.com)
Date: 12/01/02

  • Next message: Robert Tracz: "Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND"
    Date: Sun, 01 Dec 2002 01:32:20 +0100
    From: Ben Bucksch <ben.bucksch.news@beonex.com>
    To: bugtraq@securityfocus.com
    
    

    zen-parse wrote:

    > Last Stage of Delirium wrote:
    >
    >> Netscape seems to be another American company that does not seem to
    >> be fulfilling public obligations
    >
    > [...]
    > No reply received yet regarding money.
    > [...]
    > In case people haven't noticed yet, Open Source is not more secure.

    You seem to complain mostly about the lack of payment from Netscape. The
    bug bounty is offered by Netscape for the Netscape browser (which is not
    fully Open Source) under terms set forth by Netscape alone. While your
    anger is fully understandable (I don't know, if it's justified or not),
    it has nothing to do with the publicized security bug policy of
    mozilla.org [1].

    Please report bugs to mozilla.org directly. If you do that, you (as bug
    finder) are in charge of the terms and you can threaten the developers
    with full disclosure on bugtraq. If you plan to do that, please do it
    from the beginning.

    You are of course welcome to report the bugs to the Beonex project [2],
    and we will then handle the reporting and tracking. Beonex has an even
    more open stance than mozilla.org.

    Ben Bucksch
    Beonex

    [1] <http://www.mozilla.org/projects/security/security-bugs-policy.html>
    Quote: "Anyone who believes they have found a Mozilla-related security
    vulnerability can and should report it by sending email to the address
    security@mozilla.org. For more information read the rest of this
    document. [...]
    The original reporter of a security bug may decide when that bug report
    will be made public [...]"
    [2] <http://www.beonex.com>



    Relevant Pages

    • Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
      ... The bug was not reported sooner because we had to test it properly, ... In our submission to Netscape we specifically said that we plan to wait 5 ... It seems a bit irresponsible to report a bug in a product to the ... entered as a bug in the underlying Mozilla code on April 29, ...
      (NT-Bugtraq)
    • Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
      ... It seems a bit irresponsible to report a bug in a product to the ... entered as a bug in the underlying Mozilla code on April 29, ... > Users of Netscape Navigator should move to a better performing, ...
      (NT-Bugtraq)
    • Re: [SLE] Re: ntp drift file error..
      ... >> It's disappointing that this bug was reported on a SuSE mailing list ... but this is not the formal way to report feed back to SuSE. ... Introducing the New Netscape Internet Service. ...
      (SuSE)
    • RE: [Full-disclosure] Help with reporting
      ... Or you could just report the bug to the list... ... >> I think I've found a security bug in php, ...
      (Full-Disclosure)
    • Re: [patch] scsi: revert "[SCSI] Get rid of scsi_cmnd->done"
      ... Noone knows how many thousand bug reports have never reached lkml ... filing or get back to terminate the report. ... But I would like kernel people to become less egocentric ... Send _one_ email to lkml and you'll get forever spam to this address. ...
      (Linux-Kernel)