Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream

Posted by Stefan Kanthak on May 03

Hi @ll

despite better knowledge and MULTIPLE bug/vulnerability reports
(see <https://bugzilla.mozilla.org/show_bug.cgi?id=811557>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=809373>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=579593>, …)
Mozilla continues to ship Firefox and Thunderbird for Windows with
a vulnerable executable installer.

Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. visit <…

Leave a Reply