In our opinion, the verbiage utilized in the Wired blog Was expose like in nature, whilst our reporting linked not only to their post, but also to the Bugzilla link. Granted, Ryan also linked to Bugzilla in the blog. Our report was short and sweet.

If this is the only so-called fault you can scavenge from our post, I think we can live with that.

Furthermore, as far as the rest of the argument, it begs the question. The real issue is all of this sorted out Quickly, Easily (Not Always, But Hopefully) and in the Open: clearly because of the lack of cruft in the code, and the openness of the work. Further proof in our eyes that Open Source is more secure, simply because of the People.

In fact, everyone, should be checking their system regularly, through a variety of methods, both automated and otherwise. The most important of all is what we promote daily. The simple utilization of Common Sense.

Not only are we doing additional scans, we’ve identified that the help content viewer didn’t need to render remote script in the first place and we’ll be turning that off in the next update of Firefox 2 (bug 432919).

And, what are you doing to solve it and this attack can’t be repeated?

You say: “As a result of this incident, we’re implementing additional vulnerability scans at regular intervals after an add-on has been uploaded to help mitigate similar problems going forward.” but, you didn’t explain how it works.

Thank’s for your time ;-)

I don’t think I accused you specifically of misunderstanding, though I’d personally dispute your characterization of the Wired blog post as “an exposé” :-)

As for users checking their machines thoroughly, of course they should; but that’s really irrespective of this issue and should apply to every single internet connected computer and not just the tiny subset that you called out. Wouldn’t you agree?

@Morbus, market share is a priority for Mozilla. It’s not _the priority_ for Mozilla but it absolutely is a priority. I don’t think this incident hurts Firefox growth though. A very small number of people were impacted and the impact wasn’t terrible.

@tend, I think that’s a more accurate description, but for most people, I don’t think it works very well because the overwhelming majority of users don’t understand the differences between viruses, worms, and trojans and many assume that trojan is just another word for virus when it’s not.

@Aljullu, if you read the original article and you read this post a bit more carefully, I think you’ll be able to answer that question for yourself.