Mozilla Vulnerability Timeline
Update: I have created an additional document that points out some failures surrounding this security hole. It should balance well with this post.
I’ve had many conversations lately about the security policies surrounding the Mozilla family of web browsers. The number of people fed up with the terribly vulnerable Internet Explorer has reached a critical mass. Now they want to know why Mozilla is better.
I suggest that those people who think “If IE is so bad, then Mozilla probably is too” take a look at this timeline. It tracks the identification, fixing, and notification of a potentially serious security hole affecting all of the Mozilla Organization’s consumer applications: the Mozilla Suite, the Firefox browser, and the Thunderbird e-mail client. I compiled it using the same publicly accessible, easy-to-find pages that Mozilla developers use all the time.
Here we go:
July 7 - 13:46 GMT - Keith McCanless files a bug in the Bugzilla Database reporting a new vulnerability. It exploits the windows “shell:” handler and allows a malicious web page to execute a program on a client’s computer (The program has to already be present on the computer). McCanless notes that the bug is “BOTH a security concern and a DOS,” since if the link points to a nonexistent file, it makes the Mozilla browser spawn off endless amounts of new windows. The bug is marked private since it is security-related; only developers with proper clearance can see it. (source)
July 7 - 16:26 GMT - Josh Perrymon sends the first e-mail to the “Full-Disclosure” mailing list about the vulnerability. (He presumably reported this bug independent of Keith McCanless.) The mail states that Mozilla will execute programs when passed the proper shell: URL. The vulnerability is now known to the world, ready to be exploited. (source)
July 7 - 18:16 GMT - Mozilla developer “timeless” creates patch closing vulnerability. He posts the patch on the Bugzilla Database so that other developers can approve it. (source) The bug had been known to the world for a matter of hours before a patch was created to fix it
July 7 - 18:19 GMT - Mike Shaver gives the patch a “superreview” flag, which is effectively a “thumbs up” for merging the code into Mozilla. The code may now be checked in to the Mozilla development and stable branches. (source)
July 7 - 18:55 GMT - Patch checked in to Mozilla development branch. (source)
July 7 - 18:58 GMT - Patch checked in the Mozilla Suite stable branches for versions 1.4 and 1.7 (source)
July 7 - 19:25 GMT - Back on the “Full-Disclosure” mailing list, Andreas Sandblad notes that the exploit “is dangerous” and explains how an attack might work (source)
July 7 - 22:07 GMT - Patch checked in to “Aviary” (Firefox and Thunderbird) branch (source)
July 8 - 01:59 GMT - Patch checked in to a new Mozilla branch; this branch represents the code for the new version, 1.7.1. Developers will then download this code and compile a new, secure version of the Mozilla Suite. (source)
July 8 - 03:23 GMT - A new branch is created, out of which developers will build new versions of Firefox and Thunderbird. The patch is checked into this branch. (source) In less than 11 hours after the vulnerability was reported to the public, all up-to-date Mozilla code was secure
July 8 - 10:56 GMT - Developers place binaries for Mozilla 1.7.1, the new secure release, on Mozilla FTP site. (source)
July 8 - 13:30 GMT - Thunderbird 0.7.2 binaries placed on the Mozilla FTP site. This release contains the patch for the security hole. (source)
July 8 - 14:13 GMT - An XPI “add-on” is uploaded that allows Mozilla Suite users to patch their browser without downloading an entire new release. (source)
July 8 - 14:27 GMT - Firefox 0.9.2 binaries placed on the Mozilla FTP site. This version contains the security patch. (source)
July 8 - 15:13 GMT - Thunderbird XPI “add-on” package placed on FTP site. This fixes the bug without requiring Thunderbird users to download an entire new setup file. (source)
July 8 - 16:13 GMT - Firefox XPI “add-on” package placed on FTP site. Once again, this fixes the bug without making users download a whole new setup file. (source) Before the vulnerability was known to the public for 24 hours, Mozilla had released updated versions of its poducts and patches for users running previous versions
July 8 - 17:38 GMT - Asa Dotzler opens the security bug to the public. Now anyone can go to the Bugzilla page and see the details of the vulnerability. By this point, however, patched versions of all affected software were available, and the bug had already been disclosed to the public on the “Full-disclosure” mailing list. (source)
July 8 - 20:53 GMT - David Baron updates the Mozilla.org main page so that it links to fixed copies of the Mozilla Suite, Firefox, and Thunderbird. (source)
July 8 - 21:57 GMT - Asa Dotzler checks in an official Mozilla.org notice of the vulnerability and the fix (source) In the course of less than a day and a half of public vulnerability, all Mozilla versions were updated, a security note was released, and new downloaders were secure by default
I think the Mozilla team deserves a round of applause for their speedy handling of a potentially serious problem. Furthermore, they have accomplished this feat in a transparent manner. And all at no cost to their users. From what I can see, most security bugs are handled this way, and that makes me happy to be a Firefox user.
Convinced? Get Firefox!
July 9th, 2004 at 10:59 pm
How long does it take to fix a bug ?
Adam Sacarny has put together a Time line of the mozilla issue ( actually Windows issues that mozilla is fixing so that it cant be exploited via moziall ). It shows how quickly the Mozilla developers handled the problem, tracking from the first mention…
July 10th, 2004 at 2:59 am
Posted to Neowin.net
http://www.neowin.net/comments.php?id=22111&category=main
July 10th, 2004 at 3:12 am
Excepting the fact he forgot about two YEARS earlier where they labled this bug WONTFIX…
Guys no one is perfect. It takes bigger people to admit when you screwed up.
All I have seen from you firefox people is flag waving and trumpeting about how great you are. This is a horrible example of open source and you should just let it go. Two years went by and a bug was labled WONTFIX. I don’t find that to be a ringing endorsement for Moz or Open Source Software in general.
This is not something to be happy about. What you should be saying is what went wrong 2 years ago to mark this a WONTFIX bug. The more you distort the truth about this the less credibility you have. Frankly after reading this its spin spin spin. Almost getting like politics.
July 10th, 2004 at 3:30 am
http://bugzilla.mozilla.org/show_bug.cgi?id=167475
July 10th, 2004 at 3:43 am
FireFox, Mozilla and all the team got my Vote!!!!
I barely ever did use IE, I always used Netscape.
July 10th, 2004 at 4:33 am
Week 1.5: Setting the record straight
A huge thanks to everyone participating in our week 1 community marketing initiative to get out the vote. It was…
July 10th, 2004 at 7:27 am
[…] rs on Thursday afternoon, but by and large, the process was invisible. It just got done. Here’s a timeline on the bug, illustrating how quickly it was resolved. Pretty impressive stuf […]
July 10th, 2004 at 7:28 am
[…] rs on Thursday afternoon, but by and large, the process was invisible. It just got done. Here’s a timeline on the bug, illustrating how quickly it was resolved. Pretty impressive stuf […]
July 10th, 2004 at 7:32 am
Biff Bofferson : You want to know why the bug was WONTFIX labeled ? It’s simple, it’s not the work of Mozilla to fix OS bugs. “shell:” is an “external” protocol, this means the browser should not use it, the browser lets the OS handle the external protocol.
2 years ago, MS knew this bug, and this bug should have been patched with XP1. But it seems MS didn’t patched it correctly. That’s why this time Mozilla had to handle the external protocol itself and don’t pass it to the OS.
This security hole only affects Windows XP, neither Linux nor Mac OS are affected.
Oh, and by the way, this security hole affects IE too …
Go to this page with IE shell vulnerability.
Now the true question, is : Does mozilla have to patch OS holes ?
July 10th, 2004 at 8:23 am
I wrote The Kernel Exploit Time-line on the
kernel DDOS bug discovered last month. It shows it took 4 days before a patch was available. The Open Source model is really working out great.
July 10th, 2004 at 8:56 am
Behind The Bug: Mozilla Patches a Hole
Think of it as “Behind the Music” for computer geeks.
July 10th, 2004 at 9:24 am
[…] .com”>
Weblog of a games programmer
10 Jul 2004
Mozilla
Mozilla Vulnerability Timeline describes what happened at Mozilla from the point where they were info […]
July 10th, 2004 at 9:52 am
Mozilla Vulnerability Timeline
Adam Sacarny has posted a timeline of the recent Mozilla bug that was recently discovered. All entries in the timeline are backed up with a source. “In less than 11 hours after the vulnerability was reported to the public, all
July 10th, 2004 at 10:47 am
Mozilla
This web page contains the details on how a security hole is patched in Mozilla….
July 10th, 2004 at 2:06 pm
I’m no IE lover, but there’s a fundamental thing being missed here, I find.
The question is not how fast Mozilla’s code was fixed; the question is: How fast were all users safe from this issue?
Without a transparent updating system, like (gasp) Windows downloading patches automatically, it doesn’t matter if the issue is fixed. It only matters what version people are using.
July 10th, 2004 at 4:06 pm
[…] s a bug in its software that is caused by windows in 24 hours but IE is still to release. http://www.sacarny.com/blog/index.php?p=104 http://www.internetnews.com/dev-news/article.php/3379111 […]
July 10th, 2004 at 4:06 pm
[…] s a bug in its software that is caused by windows in 24 hours but IE is still to release. http://www.sacarny.com/blog/index.php?p=104 http://www.internetnews.com/dev-news/article.php/3379111 […]
July 10th, 2004 at 4:07 pm
[…] s a bug in its software that is caused by windows in 24 hours but IE is still to release. http://www.sacarny.com/blog/index.php?p=104 http://www.internetnews.com/dev-news/article.php/3379111 […]
July 10th, 2004 at 4:07 pm
[…] s a bug in its software that is caused by windows in 24 hours but IE is still to release. http://www.sacarny.com/blog/index.php?p=104 http://www.internetnews.com/dev-news/article.php/3379111 […]
July 10th, 2004 at 5:09 pm
Der Tag danach
Wie ihr sicher mitbekommen habt, hatten wir ein Sicherheitsproblem. Glcklicherweise wurde das von der Presse grtensteils nicht zum Mozilla-Bashing genutzt. Adam Sacarny hat brigens den zeitlichen Verlauf des Bugfixings hier dargestellt. Interessant…
July 10th, 2004 at 5:09 pm
[…] Timeline A seriuos security flaw was discovered & fixed in the Mozilla code. Here’s a timeline. Cheers on a speedy resolve. Filed in Sidenotes | Pe […]
July 10th, 2004 at 7:50 pm
Totally awesome I must say. Great work from the Mozilla team!
July 10th, 2004 at 9:57 pm
[…] p; Development Applications Open Source Software Sacarny has published a timeline of the last Mozilla Vulnerability. From when the public was first warned of the security fla […]
July 11th, 2004 at 3:42 am
Firefox exploit
I’ve had many conversations lately about the security policies surrounding the Mozilla family of web browsers. The number of people fed up with the terribly vulnerable Internet Explorer has reached a critical mass. Now they want to know why Mozilla i…
July 11th, 2004 at 7:31 am
In response to Bjrn, it’s important to remember that most people are using Firefox because they are security minded. They would probably get the latest version quite quickly. However, having said that, you do have a good point. Maybe Firefox should consider some sort of system that will notify the user of new version releases?
July 11th, 2004 at 10:44 am
The security has been discovered 2 years ago, at 2002, you can check it out from here http://bugzilla.mozilla.org/show_bug.cgi?id=167475 . It turns out that mozilla developers didn’t want to fix it because they thought that it is not their responsibility. The same problem doesn’t exist in IE. Some people falsely claimed that it is the Windows’ own problem, but that also turned out to be false, because IE is not vulnuerable to this problem. Basically what Mozilla was doing is that it lets anybody on the net to run programs in your own computer. Unfortunately even though the problem has been discovered long time ago, mozilla developers refused to fix it and thus we were vulnureable to this problem for so many years. I have been using Firefox for 1.5 years. I hope nobody used this hole before, but once again I believe Mozilla developers prove the myth that open source developers are not as responsible as the ones working full time on a project. People are trying to hide this mess as much as possible, but it would be a disservice to users to do that and will harm the project in the long run. Mozilla should apologize for omitting to fix it, only then I might consider mozilla to be a real competitor to IE once again.
July 11th, 2004 at 1:48 pm
[…] dere. Ik kijk naar niemand - kijkt naar hiet ie-ontwikkelingsteam. Adam Sacarny heeft een timeline opgesteld, die aantoont hoelang het duurde sinds de ontdekking van de fout, t […]
July 11th, 2004 at 8:17 pm
[…] Firefox available for download, which had the vulnerability corrected. Another blog has a timeline that documents the reporting and repair of Mozilla’s vulnerability. Contrast this w […]
July 12th, 2004 at 2:31 am
Mozilla Bug Timeline - A Fine Lesson!
Adam Sacarny has created an interesting timeline of the latest security bug in Mozilla….
July 12th, 2004 at 5:18 am
Thumbs up guys, I’m really impressed
Mostly not with the quickness of the fix, but of all the other work regarding publicity, rolling in and non-development stuff! _All_ the Mozilla staff has my respects!
July 12th, 2004 at 10:26 am
Behind The Bug: Mozilla Patches a Hole
Think of it as “Behind the Music” for computer geeks.
July 12th, 2004 at 12:38 pm
First, to all you negative people, quit puking on the Mozilla team! I am thrilled that people are out there putting so much effort into developing open source software especially projects like this. Mozilla is a world class app and the Mozilla team should get the respect they have earned! Secondly, this is one security hole compared to how many on IE? And finally, the bug is fixed, unlike IE. (Is anyone still using IE for online banking?) If you feel the need to criticize, put your code where your mouth is. People, show some respect.
July 12th, 2004 at 1:40 pm
[…] rezza Open Source Archiviato in: Open Source — Luca Lizzeri @ 3:40 pm Una interessante cronistoria della recente vulnerabilità di Mozilla (da Mozillazine). Impressionante la […]
July 12th, 2004 at 3:14 pm
Why Mozilla? Why Not?
Via Exchange Security: Mozilla Vulnerability Timeline. Impressive. Paul (Robichaux, who publishes the Exchange Security blog) criticizes Mozilla on a few things, such as not having “a robust system for notifying people of updates and, optionally, pushi…
July 12th, 2004 at 3:53 pm
http://www.eweek.com/article2/0,1759,1622074,00.asp
“In discussions with representatives of the Mozilla Foundation, they conceded this indeed was a bug and didn’t try to foist the blame on to Microsoft. And that’s because they know what’s usually perfectly obvious: that browsers are supposed to look suspiciously at content and try to protect the user. There’s little to be gained by a defense that it’s Windows fault, not when you wrote the application to tell Windows to run whatever content comes up. ”
“In discussions with representatives of the Mozilla Foundation, they conceded this indeed was a bug and didn’t try to foist the blame on to Microsoft. And that’s because they know what’s usually perfectly obvious: that browsers are supposed to look suspiciously at content and try to protect the user. There’s little to be gained by a defense that it’s Windows fault, not when you wrote the application to tell Windows to run whatever content comes up. “
July 12th, 2004 at 3:53 pm
The 2nd quote should be:
“All Windows is doing in the case of what was just patched in Mozilla is taking an instruction to run a program and running it. If the browser didn’t ask for it, it wouldn’t happen.”
July 12th, 2004 at 4:58 pm
The writer of that eweek article does not seem to have clue regarding this security hole. For one thing, he thinks that popping up a dialog box to handle the shell exploit would have been a reasonable way of stopping the danger; there is no reason *any* user should want to click on a shell link on an internet web page. Given that shell is so dangerous, the proper way to handle it is to disable it completely a la XP SP 2 and Mozilla.
He changes some Internet Zone registry settings and wonders why Mozilla doesn’t reflect the changes. I’ll tell you why: because the Internet Zone settings are for Internet Explorer. I’d rather Mozilla not listen to those settings (Although I would like to import them)
And then, his cardinal sin: “The parsing and passing off to the Windows shell with Explorer is entirely a browser affair.” NO! It’s entirely a Windows internal affair! shell: is a protocol handler implemented in Windows that Mozilla was not instructed to *ignore*. Internet Explorer behaves the same way, except it pops up a dialog box while Mozilla hands off to the protocol without confirmation!
It seems this writer should have done some more research.
Adam
July 12th, 2004 at 6:26 pm
Nice timeline. But I can’t help noticing that virtually no time (if any at all) was spent on considering the impact this patch would have when distributed. What impact would it have on legitimate use of the shell: handler? What other potential issues could arise? Sure, it’s fancy with a 24h fix, but without knowing if it would cause other problems I don’t feel reassured at all.
July 15th, 2004 at 3:00 pm
Happy Birthday Mozilla Foundation
The Mozilla Foundation is now 1 year old and it took me a minute to realize it has only been a year since the foundation has been active. There have been huge leaps and bounds in all of the…
July 15th, 2004 at 4:06 pm
Why Firefox?
When faced with suggestions from everyone from CERT to Slate to stop using IE, it certainly raises (or should raise)…
July 15th, 2004 at 4:31 pm
[…] eneral > Why does open source work? Why does open source work? Because it doesn’t take months to squash bugs (like some places): It took a scant 31 hours betwee […]
July 16th, 2004 at 7:58 am
Firefox 0.9.2 and Thunderbird 0.7.2 released
Due to security problems found in Windows, the Mozilla Firefox and the Thunderbird staff decided to release their hotfix releases Firefox 0.9.2 and Thunderbird 0.7.1. Those versions include a workaround for the Windows security problem with the shell:-han
July 16th, 2004 at 11:53 am
Note: I’m a (mostly inactive) member of the Mozilla team.
My understanding (not being an expert on this bug) is that while the developers had an idea of what they’d like to do with external protocols, there certainly was no known hole outside of items already blacklisted. I was involved in the bug where people wanted telnet: to be re-enabled (it was in NS 4.x), and one reason it wasn’t was security.
July 19th, 2004 at 12:37 am
well done mozilla team! firefox is my fav browser and i install it on all the systems i build and recommend it to my family and friends.
it’s free and can be used linux, win or mac. has tons of features and is EASY to use and customize (auto-transfer settings!). and as we can see here, secure!
July 25th, 2004 at 4:29 pm
Hi,
you put some links to bonsai querys, which now don’t work anymore. I made some replacement querys, which are permanent (since this blog post wont disappear itself :):
Patch checked in to Mozilla development branch:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=mozilla%2Fmodules%2Flibpref%2Fsrc%2Finit%2F+&file=all.js&filetype=match&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-07-07+09%3A00%3A00&maxdate=2004-07-07+12%3A00%3A00&cvsroot=%2Fcvsroot
Patch checked in the Mozilla Suite stable branches for versions 1.4 and 1.7:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=MOZILLA_1_%5B47%5D_BRANCH&branchtype=regexp&dir=mozilla%2Fmodules%2Flibpref%2Fsrc%2Finit%2F+&file=all.js&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-07-07+09%3A00%3A00&maxdate=2004-07-07+12%3A00%3A00&cvsroot=%2Fcvsroot
Patch checked in to Aviary (Firefox and Thunderbird) branch:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=AviaryBranchTinderbox&branch=AVIARY_1_0_20040515_BRANCH&branchtype=match&dir=mozilla%2Fmodules%2Flibpref%2Fsrc%2Finit%2F+&file=all.js&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-07-07+15%3A00%3A00&maxdate=2004-07-08+16%3A00%3A00&cvsroot=%2Fcvsroot
Patch checked in to a new Mozilla branch; this branch represents the
code for the new version, 1.7.1. Developers will then download this code
and compile a new, secure version of the Mozilla Suite:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=MOZILLA_1_7_1_MINIBRANCH&branchtype=match&dir=mozilla%2Fmodules%2Flibpref%2Fsrc%2Finit%2F+&file=all.js&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-07-07+18%3A00%3A00&maxdate=2004-07-07+19%3A00%3A00&cvsroot=%2Fcvsroot
A new branch is created, out of which developers will build new versions
of Firefox and Thunderbird. The patch is checked into this branch.
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=FIREFOX_0_9_2_MINIBRANCH&branchtype=match&dir=mozilla%2Fmodules%2Flibpref%2Fsrc%2Finit%2F+&file=all.js&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-07-07+18%3A00%3A00&maxdate=2004-07-07+21%3A00%3A00&cvsroot=%2Fcvsroot
Maybe you can fix your blog post
July 27th, 2004 at 1:14 am
All the patch did was fix one line in preferences to disable the shell: protocol. If it had been anything difficult, it would’ve taken weeks to find a solution, make a patch, and then test the patch before a review/superreview was granted.
July 30th, 2004 at 9:07 pm
[…] ers on Thursday afternoon, but by and large, the process was invisible. It just got done. Here’s a timeline on the bug, illustrating how quickly it was resolved. Pretty impressive stuff fo […]
August 10th, 2004 at 2:10 am
distributed bug-fixing
Let me point everyone to this incredible timeline: a major security hole was fixed in Mozilla within 36 hours. Before…
September 6th, 2004 at 2:54 am
[…] much belies the argument. Now a blogger named sacarny has created a timeline detailing a vulnerability that was found in Mozilla and the time it took to fix it. It starts on July 7, at 13:46 […]
September 6th, 2004 at 4:18 pm
[…] 4b36ad0-344f-4281-b764-72e44e4f691c&url=http%3a%2f%2fwww.sacarny.com%2fblog%2findex.php%3fp%3d104″”>http://www.sacarny.com/blog/index.php?p=104
一个windows xp theme :
February 4th, 2005 at 10:17 am
Great site! Keep it running!
לתור מוטור
March 13th, 2005 at 8:09 am
[…] Adam Sacarny on the shell: hole Adam Sacarny, author of the Mozilla shell: vulnerability timeline, discusses what Mozilla can do to work around future holes in programs that re […]
April 21st, 2006 at 12:40 am
nice site
January 29th, 2007 at 10:05 pm
Mozilla - the best browser, I know. BTW, Opera too very good browser..
January 29th, 2007 at 10:07 pm
I begin using Mozilla yesterday and I like it vwry much!
Some sea algae for your health grow, called spirulina
January 29th, 2007 at 10:13 pm
Good site.
If you like long-live flovers and plants - indoor flower
March 11th, 2007 at 6:22 am
God site. Thanks!
March 19th, 2007 at 5:28 am
The entitlement refers to the amount that the VA will repay if the borrower defaults on his or her loan
April 4th, 2007 at 10:56 pm
Hi friends .The entitlement refers to the amount that ther VA well rapay if ther borrower defaults on his or her loan.If yoku like long- live flovers and planss-indoor flower
May 2nd, 2007 at 6:11 pm
May 20th, 2007 at 1:41 pm
http://asitehost.info/
May 20th, 2007 at 1:46 pm
http://asitehost.info/
May 31st, 2007 at 1:58 pm
Sentimental and nostalgic. Great.o
June 14th, 2007 at 2:06 pm
nudemen!!!
http://nudemen.ifastnet.com
July 31st, 2007 at 1:31 am
www.fuckoff.com
www.fuckoff.com
www.fuckoff.com
www.fuckoff.com
www.fuckoff.com
July 31st, 2007 at 11:42 am
interesting thank you…
orlando breast augmentation breast augmentation san francisco
August 28th, 2007 at 7:46 pm
interesting thank you…
alaska fishing+ guided king salmon self
August 29th, 2007 at 6:46 am
http://lollitochka.com/bbs_lolita_Burma.shtml bbs lolita Burma
August 29th, 2007 at 3:07 pm
underage angels
September 6th, 2007 at 1:33 pm
http://free-sex-lolita-tgp.com/lolita-art-galleries-tgp.html lolita art galleries tgp
September 7th, 2007 at 1:43 am
Ethanb…
It would be great help if I could get some clarity on the real issues…
September 24th, 2007 at 4:02 am
http://firsthotsex.com/articles/child_model_lolita_tgp_Laos.html child model lolita tgp Laos
September 26th, 2007 at 10:09 pm
http://do.min.io/bookmarks/fortrezza777/+á+Ã+à+Ô+à+++à+*+à+Ñ+á+Ã+à+Ô+à+Ñ+à+
October 2nd, 2007 at 10:39 pm
+á+Ã+à+Ô+à+Ñ+à+
October 3rd, 2007 at 7:30 am
]+à+Ò+à+Æ+áòÀÚ+à+Õ+à+#+á+Ó+á+Ã+à+Å+áòÀ++à+
October 6th, 2007 at 8:17 am
http://firstsexbox.com/articles/16_yoschool_girls_porn.html 16 yoschool girls porn
October 17th, 2007 at 10:54 pm
enterprise rental car canada
enterprise rental car canada
November 9th, 2007 at 10:13 pm
sint maarten airport car rental
sint maarten airport car rental
November 18th, 2007 at 6:23 am
hkhkjhkhkjJKJ
November 23rd, 2007 at 1:56 pm
I pray for world peace where all people can live free and happy.
November 25th, 2007 at 11:51 am
art
art
November 26th, 2007 at 12:16 am
art
art
November 26th, 2007 at 1:18 am
art
art
November 26th, 2007 at 6:01 am
art
art
November 27th, 2007 at 10:26 pm
art
art
November 28th, 2007 at 1:32 am
holiday
holiday
November 28th, 2007 at 5:52 am
holiday
holiday
November 29th, 2007 at 3:09 am
adult
adult
December 4th, 2007 at 3:26 am
holiday
holiday
December 4th, 2007 at 5:07 am
art
art
December 5th, 2007 at 9:07 am
x
x
December 5th, 2007 at 12:49 pm
smell
smell
December 5th, 2007 at 1:58 pm
v
v
December 7th, 2007 at 11:24 am
adult
adult
December 7th, 2007 at 4:37 pm
k
k
December 8th, 2007 at 10:33 am
smell
smell
December 10th, 2007 at 6:58 am
Thanks boys95a4ec17fae4ff2cab5501ec4199aad7
December 13th, 2007 at 2:51 am
holiday
holiday
December 14th, 2007 at 3:55 am
veryg
veryg
December 14th, 2007 at 10:39 am
art
art
December 14th, 2007 at 12:40 pm
jeans
jeans
December 15th, 2007 at 8:08 am
very interesting, but I don’t agree with you
Idetrorce
December 19th, 2007 at 11:59 pm
smell
smell
February 8th, 2008 at 8:19 am
AGGRESS AutoPost Test
February 22nd, 2008 at 7:27 am
We need more than names. the boys front yard they had
February 29th, 2008 at 11:32 pm
Ntage eclipse software
Ntage eclipse software
March 1st, 2008 at 5:43 pm
best
best
March 10th, 2008 at 3:06 pm
Ed man free links
Ed man free links
March 21st, 2008 at 9:32 pm
Crib Mattress.
March 21st, 2008 at 9:42 pm
appollo hospital
April 13th, 2008 at 3:25 am
!
April 13th, 2008 at 8:04 am
Hi all !
Thanks for this usefull site
April 19th, 2008 at 9:41 am
ztr
ztr
May 6th, 2008 at 2:43 am
Limousine for ny wedding
May 8th, 2008 at 12:37 am
!
May 9th, 2008 at 12:46 am
http://fisting3.by.ru
May 28th, 2008 at 6:31 am
Hello
June 22nd, 2008 at 11:55 am
It Has Great ResourcesGreat Job, Keep up the good work,
June 23rd, 2008 at 2:28 pm
Just Wanted You To CheckThis SIte, .rar free download, .rar free download, 20646,
June 23rd, 2008 at 7:44 pm
AMAZINGVery Interesting Site, You’re Pretty Good,
June 23rd, 2008 at 11:36 pm
I Love Your Site, I Think youre Great.Try Going To This Link,
June 24th, 2008 at 8:44 pm
Great Persona On the WebsiteGreat Work, cam free home live preview, cam free home live preview, 412,
June 24th, 2008 at 10:36 pm
You Really did it. , cam free people view, cam free people view, 33922,
June 25th, 2008 at 2:11 pm
Must See!!! A Promising Site, canada free giveaways, canada free giveaways, 8-(((,
June 25th, 2008 at 3:24 pm
You Will Love mine, Check it Now, canadian free online dating services, canadian free online dating services, lkzq,
June 25th, 2008 at 4:41 pm
look hereYou Must see This Site, Its Amazing, 100 free music top, 100 free music top, kylbd,
June 25th, 2008 at 6:00 pm
You Have to See This, 100mb free hosting picture, 100mb free hosting picture, 58274,
June 25th, 2008 at 7:26 pm
Thank You Very Much For Showing This InfoCan You Look At THis?, 110cc bike free pocket sale shipping, 110cc bike free pocket sale shipping, fyd,
June 26th, 2008 at 7:49 am
You’ll Like It, captivate free macromedia software, captivate free macromedia software, dwdc,
June 26th, 2008 at 12:02 pm
Can You Look At THis?I think This Is One Of My Favorites, carboard fish free sms, carboard fish free sms, sou,
June 26th, 2008 at 2:58 pm
AMAZINGVery Interesting Site, You’re Pretty Good, card credit free processor, card credit free processor, 8-P,
June 26th, 2008 at 9:57 pm
You Should Check This Out.., 110cc bike free pocket sale shipping, 110cc bike free pocket sale shipping, 644256,
June 26th, 2008 at 11:06 pm
New Site Here. Amazing Reviews, 132 download dvd free region, 132 download dvd free region, ujyzs,
June 27th, 2008 at 1:52 am
Just Use this site for more informationFind All Youre Looking for here,, card free greeting tin tree, card free greeting tin tree, 71651,
June 27th, 2008 at 5:05 am
You Are Brilliant. Nice Work HEre, 2 celebrity free sims skin, 2 celebrity free sims skin, yirhby,
June 27th, 2008 at 8:04 am
111
June 27th, 2008 at 8:12 am
222
June 27th, 2008 at 8:27 am
333
June 27th, 2008 at 8:35 am
444
June 27th, 2008 at 8:45 am
test
July 3rd, 2008 at 5:35 pm
elephant water ocean deliver dog free green deliver all pets
July 4th, 2008 at 9:21 am
У вас отличный сайт! так держать!
Катя
July 5th, 2008 at 4:20 am
вышлите пожалуйста прайс
Руслана
July 15th, 2008 at 1:03 am
Приветики!
У вас клевый сайт.. мне очень нравится..
приглашаем посетить наш сайт о грузовых автомобилях камаз.
Желаю Вам успехов! Алекс
July 27th, 2008 at 5:32 am
qdqsfxsxt ‾
July 27th, 2008 at 1:07 pm
у вас симпотичный дизайн
обязательно зайду еще!
July 29th, 2008 at 8:47 pm
Интернет магазин по продаже GPS навигаторов. В магазине представлены портативные, автомобильные, судовые, спортивные GPS навигаторы,
а также товары для активного отдыха.
July 30th, 2008 at 5:10 am
привед
нахожу ваш сайт очень полезным!
Маша (Магазин табака)
August 5th, 2008 at 7:57 am
Интернет магазин по продаже биноклей лучших мировых производителей. В магазине представлены бинокли: BUSHNELL, CANON, OLYMPUS, STEINER, CARL ZEISS, VANGUARD, KONUS, NIKON, NAVIGATOR, WINCHESTER, Miyauchi, JJ, PENTAX, PRAKTIKA, STURMAN.
August 6th, 2008 at 9:07 am
У вас отличный сайт! так держать!
Евгения (Магазин оптики)
August 7th, 2008 at 5:34 am
girl apple see keyboard girl right sea trust letter this
August 8th, 2008 at 4:54 am
привед
красивый сайт.. респект
August 8th, 2008 at 9:00 pm
Интернет магазин для дайверов, широкий ассортимент, низкие цены. Гидрокостюмы, боты, шлемы, перчатки, сумки, баллоны, снаряжение для охоты, компьютеры, фотоаппараты, фонари, ласты, маски, трубки.
August 9th, 2008 at 5:35 pm
Интернет магазин элитных зажигалок. Огромный ассортимент зажигалок, представлены зажигалки от Zippo, SAROME, Colibri, Givenchy, Pierre Cardin. Зажигалка - отличный сувенир и подарок! Доставляем по всей России.
August 10th, 2008 at 5:37 pm
привед
замечательный сайт.. респект
August 11th, 2008 at 2:04 pm
Профессиональные измерительные приборы: теодолиты, нивелиры, осциллографы, микроскопы, термометры, склерометры. Измерительное оборудование: дозиметры, твердомеры, толщиномеры, угломеры, уклономеры, эхолоты, дальномеры. Измерительные приборы, Теодолиты.
August 11th, 2008 at 5:53 pm
у вас классный дизайн
обязательно зайду еще!
August 12th, 2008 at 5:18 am
Магазин музыкальных инструментов. Широкий ассортимент музыкальных инструментов: синтезаторы, гитары, DJ оборудование и многое другое. Аксессуары для музыкальных инструментов. синтезаторы
August 13th, 2008 at 6:09 pm
Интернет магазин деловых портфелей. Портфели: Gullord, Grizzly, Bolinni, Playboy, Alanda, Palio, Alberto, Alexander, Exotika, Carbotti. Портфели Bolinni. Бесплатная доставка по Москве.
August 15th, 2008 at 11:14 am
Интернет магазин детских игровых моделей на радиоуправлении. В ассортименте магазина модели автомобилей, самолетов, военной техники, водного транспорта и вертолётов. Игровые модели военной техники. Скидки и подарки для постоянных покупателей.
August 15th, 2008 at 12:36 pm
viagru.com
ПРОДАЮТСЯ ДЖЕНЕРИКИ
для улучшения эрекции:
Виагра - от 70 рублей за таблетку (400)*
Сиалис - от 80 рублей за таблетку (475)*
Левитра - от 100 рублей за таблетку (375)*
При покупке специальных наборов Вы экономите дополнительно от 11% до 24%
*В скобках даны приблизительные цены на препараты в аптеках.
Продажа, доставка на сайте www.viagru.com
August 15th, 2008 at 7:47 pm
Интернет магазин по продаже бытовой и промышленной швейной техники. В ассортименте: электромеханические швейные машинки, компьютерные швейные машины, оверлоки и многое другое. Вязальные машины.
August 16th, 2008 at 9:27 am
Привет!
понравился движок вашего сайта.. где его можно найти? Ника
August 17th, 2008 at 7:39 am
у вас классный дизайн
обязательно зайду еще!
August 17th, 2008 at 8:00 pm
Интернет-магазин элитных авторучек Паркер. Ассортимент ручек Паркер и других известных производителей. Каталог ручек: авторучки, перьевые ручки, шариковые ручки, роллеры, подарочные наборы.
August 18th, 2008 at 3:33 pm
, 1500 , 2 .
August 18th, 2008 at 3:53 pm
1500 2 .
.
http://unidriver.narod.ru
August 18th, 2008 at 4:36 pm
привед
Понравился движок вашего сайта.. подскажите пожалуйста название или продайте
Татьяна (Sew-shop)
August 19th, 2008 at 2:09 pm
, ,
, ,
.
August 21st, 2008 at 5:44 pm
В интернет магазине представлены арбалеты пистолетного типа, винтовочного типа, элитные арбалеты, блочные луки, прямые луки, рекурсивные луки. Аксессуары для луков и арбалетов. Быстрая и удобная доставка по России, различные способы оплаты.
August 22nd, 2008 at 3:59 pm
у вас приятный дизайн
так держать! Богдан (Дайвинг)
August 24th, 2008 at 9:05 am
А кто подскажет - что за новая девочка вгруппе Домино - видел видео понравилась сильно.
Может она где на одноклассниках или вконтакте есть? Фотки может где имеются?
August 24th, 2008 at 8:35 pm
Интернет-магазин пневматического оружия. Широкий ассортимент пневматического оружия: пневматические винтовки, пневматические пистолеты. Пневматическое оружие от лучших производителей: Аникс, Gamo, Ижевск, Umarex.
August 25th, 2008 at 6:47 am
аренда производственных площадей в московской области
September 4th, 2008 at 1:38 pm
prescribed by doctors for overweight
patients who need to lose weight rapidly
weight especially for those patients
Phentermine can alleviate the serious