[security-announce] openSUSE-SU-2011:1242-1: critical: MozillaFirefox
15-Nov-2011 08:08
openSUSE Security Update: MozillaFirefox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1242-1 Rating: critical References: #728520 Cross-References: CVE-2011-3647 CVE-2011-3648 CVE-2011-36…
What is the nature of this bug? I tried to access bug #728520, but I get an “access denied” message:
https://bugzilla.novell.com/show_bug.cgi?id=728520
Why is access to this bug restricted?
I don’t speak for Novell or for opensuse. However, when I was part of an open source project, we did keep discussion of security bug private and encrypted to the extent possible. Any questions would be referred to official announcements (if any).
As far as I know, this is common practice. It is done in case there is something in the discussion that might help hackers to exploit the bug. You can probably find more info on this bug at the Mozilla site.
On the other hand, the reason for the restrictions is usually relevant only until the time that an adequate patch is made available. So perhaps the need for restricting this has passed.
On 2011-12-06 18:16, quantamm wrote:
> Why is access to this bug restricted?
When this happens, I ask in the security mail list, as a reply to the post
in the security-announces mail list. If this fails, I create a new bugzilla
on security issue.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)