Tell me you were lyin’

I really, really hope that SPI Labs, whose widely trumpeted report on JavaScript vulnerabilities in feed readers left me cold, were spoofing their user-agent string when they filed their bug on (an old version of) Firefox (that didn’t actually do anything in the component where they filed it).

“Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)” doesn’t give me a secure feeling, even without the “(ax)” for ActiveX.

2 Comments

Comment by Jochen Boruschek #
2007-04-11 11:28:19

Hi! One question. Is this actually fixed? …because this doesen’t give me a secure feeling too…..usually SPI Labs does good work. Cheers Jochen

Comment by Phil Ringnalda #
2007-04-11 12:00:05

Is what fixed?

Their bug was invalid, though it was resolved worksforme, because nothing they described actually happened in a place where it shouldn’t; whether or not their use of Netscape 7.1 has been fixed I don’t know, since they don’t seem to have filed another bug with that Bugzilla account.

 
 
Name (required)
E-mail (required - never shown publicly)
URI
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <del datetime="" cite=""> <dd> <dl> <dt> <em> <i> <ins datetime="" cite=""> <kbd> <li> <ol> <p> <pre> <q cite=""> <samp> <strong> <sub> <sup> <ul> in your comment.