Slashdot Mirror

← Back to Stories (view on slashdot.org)

Opera Screeches at Mozilla Over Security Disclosure

Posted by ScuttleMonkey on from the did-too-did-too dept.

The Register is reporting that Mozilla's handling of a recent security exploit that affected both browsers has drawn an unhappy response from the Opera team. "Claudio Santambrogio, an Opera desktop developer, said the Mozilla team notified it of a security issue only a day before publishing an advisory. This gave the Norwegian software developers insufficient time to make an evaluation. [...] Santambrogio goes on to attack Mozilla's handling of the issue, arguing that it places Opera users at unnecessary risk."

2 of 208 comments (clear)

  1. Re:Sheesh... by xactoguy · · Score: 5, Informative

    From the Opera developers' description it appears that the Mozilla foundation could have handled things more professionally - Opera was only notified the day before a public advisory was published, and since that time the Mozilla foundation have opened most of the bug reports containing exploitation details to the general public. Judging from the emoticons on Opera's blog, the latter action by the Mozilla foundation is the primary issue here, not that they published the advisory.

    --


    And so we go, on with our lives
    We know the truth, but prefer lies
    Lies are simple, simple is bliss
  2. Re:insightful?? by Rudolf · · Score: 3, Informative
    where does it say they had twelve days to fix it?

    From TFA:

    Mozilla fixed the flaw, along with other more serious bugs, with the release of Firefox 2.0.0.12 on 7 February. Opera, which is yet to plug the moderate risk flaw, objected to the Mozilla team publishing an advisory on the issue.
    Claudio Santambrogio, an Opera desktop developer, said the Mozilla team notified it of a security issue only a day before publishing an advisory.


    Opera was notified the day before the February 7 release - that would be February 6. Today is February 18. Is that not 12 days?