Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Was this bug introduced in a recent version or is it old? I tried clicking through to see the bug, but I'm "not authorized".

Edit2: never mind the old edit, lmkg has a good point about the age of the CVE.



Given it affects the ESR release, I suspect it's been around a while. More details would be indeed be nice!


> The CVE was created last September, so it was known about at least that long

Mozilla could have reserved CVE numbers in blocks, and still be allocating from that batch.


Is there a reason why an organization would continue to use CVE numbers from last year?


CVE are assigned from the year the vulnerability was found. Not when it was announced.

However, a CNA like Firefox does not allocate CVE as they need them. They first ask Mitre for a block of X CVE to use as they need. They probably got a new block in September.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: