Funny,
so much rant about not receiving any contact from Netscape (AOL
subsidiary) or about not even giving prior notification to the
developers about the bug AND, all in all, no one even posts to a
bugzilla entry on bugzilla.mozilla.org which is the best place for bug
reports on Mozilla (ie, *n
> Demonstration:
> ==
>
> A fully dynamic proof-of-concept demonstration
> of this issue is available at
> http://security.greymagic.com/adv/gm001-ns/.
As some of you may have noticed, the above proof-of-concept does not work in
Mozilla 1.0 Release Candidate 1.
Don't get your hopes
Disturbing.
Netscape sure must be in financial problems since they are selling out on
their users security for a lousy $1000.
I know for one that I personally will release any future Netscape advisories
with full public disclosure and without prior Netscape notification. As a
matter of fact, why