Note that I posted to n.p.m.announce a mozilla.org statement re the recently-reported (and fixed) Mozilla security vulnerability relating to XMLHttpRequest:
news:[EMAIL PROTECTED] I'll add my personal opinion that we (mozilla.org staff) have not been active enough in publicizing either the current mozilla.org policy on security bugs or the [EMAIL PROTECTED] reporting mechanism. I'll take personal responsibility for that failure; among other things, I neglected to do enough followup announcements after we created the security policy originally. I've tried to highlight the security bug policy information in the public statement referenced above, and I'll also try to make sure that the [EMAIL PROTECTED] address and related information get highlighted in appropriate pages on the mozilla.org web site. Frank -- Frank Hecker [EMAIL PROTECTED]