

Apple still hasn't fixed a Safari bug that's been known about for 2 years - piratesahoyahoy
http://www.pcworld.idg.com.au/article/347741/two_years_later_apple_still_won_t_fix_safari_hole/

======
andrewtj
The "carpet bomb" attack that the article refers to is scripting the browser
to download a lot of files, knowing that Safari doesn't prompt before
downloading a file, in the hope that the user will execute one of them.

I don't think this kind of a attack is that practical on OS X as there's no
way of automatically executing a downloaded executable (as far as I know) and
OS X's sandbox would kick in with a dialog confirming that the file should be
opened on the off-chance the user did elect to open something random from the
internet.

It's arguable that this could be a more powerful attack by taking advantage of
an exploit in the handling of one of the "Safe" formats that are (by default)
opened automatically (Movies, Pictures, etc). However, such an attack would be
more subtle if it were just used inline in a webpage which makes the issue a
bit redundant.

------
fliph
Age is a meaningless metric for a bug; "age" + "severity" perhaps, but an old,
low-priority bug is less likely to be fixed than a new, high-priority bug,
given a non-infinite amount of development resources.

Case-in-point: Mozilla bug #350
<https://bugzilla.mozilla.org/show_bug.cgi?id=350> was open for 11 years: that
means it predates Netscape Navigator 4.06, but it wasn't fixed until Firefox
3.

