On Sat, Jul 4, 2009 at 12:59 PM, Peter Kasting<pkast...@google.com> wrote: > On Sat, Jul 4, 2009 at 9:57 AM, Ian Fette <i...@chromium.org> wrote: >> There are a few people looking at doing this safely (including part of the >> team in Tokyo). There are ideas on how to do this in a reasonably safe >> manner and they are being explored. The security review is not "in progress" >> - previous status was "Bad", there was work done to come up with ways to >> address said concerns, and now work is being done to try to implement those >> ideas - security review will happen again once those ideas are implemented. > > So did Mozilla just elect to ship Fx 3.5 with similar vulnerabilities, or > are we vulnerable in ways they aren't, or are these not well-understood > outside the Chromium community (which would surprise me)? > I ask because "@font-face support" is one of the big talking points in the > press for Fx 3.5. I assume that's the same feature.
Many apologies to those you following this discussion on chromium-dev, but we can't answer this question publicly. Members of the Mozilla security group should feel free to contact me or Ian privately if you have similar questions. Adam --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---