Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The CVE was created last September, so it was known about at least that long

Mozilla could have reserved CVE numbers in blocks, and still be allocating from that batch.



Is there a reason why an organization would continue to use CVE numbers from last year?


CVE are assigned from the year the vulnerability was found. Not when it was announced.

However, a CNA like Firefox does not allocate CVE as they need them. They first ask Mitre for a block of X CVE to use as they need. They probably got a new block in September.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: