- 19 Mar 2004
They probally did and told them, but since they did not fix it in the new version the went public to force tem to fix it now.Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
I know, which is why I'm wondering they didn't go public about the 2.0.0.x problem earlier. Said that the exploit was found on both 2.0 and 3.0.A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
Why? Just ditch the AV all together. As long as you stay away from suspicious places you'll be fine, ne?Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.
I said back to the drawing board, not end of the world.
They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.