2008/06/21

Just on time

I read the recently published Firefox 3 also receive a vulnerability announce just 5 hours after the launch.

I don't understand the reasons of the Zero Day Initiative to publish it so early to the launch, and then say they only inform the Mozilla foundation for security. I my opinion, the ZDI organization probably know the bug before the launch (then the beta versions are also vulnerable) and the test if the Firefox developers fix it before the launch.

They like to be publicised because they take care on security, but I think they did in the other way. If they know the problem under the beta version and don't say anything they had the tools to avoid this announce. Only 5 hours separate this people from deserving a good job recognition, or to say 'please, you already had the opportunity to said before'.

Actualization: Interesting discussion found. It seem like the 2 version of Firefox is also vulnerable. This does mean they know before, but increase the doubt.

No comments: