Privacy Leak in Mozilla and Mozilla-Based Browsers
Mike S. writes "Mozillazine has pointed users to this story at ZDNet UK which breaks the news about a privacy bug discovered in all Mozilla builds up to and including 1.2a as well as browsers based on Mozilla such as Netscape 6/7, Chimera and Galeon.
The bug allows a web site to track where you're going when leaving the site whether you use a link, a bookmark or type a URL into the address field. This page has a demonstration of the bug and instructions on patching it via a user.js file."
mozilla is secure (GPG built in) or insecure (privacy leak)...
Personally I use it, so I'm not bashing it or this article... but really I wanna know... should I use it or not?
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
this security hole was already published a month ago [google cache]
You are correct, there is an internal document showing the hole [google cache] that is dated some two months ago!
This is so old news (google cache)
a bunch of "insightful" posts saying "this is no big deal (because I am a hypocrite)"
a bunch of "flamebait" posts saying "you are all hypocrites"
Here is the bug report, for interested parties. You're welcome. This is hosted on my PII slackware box, so don't pound it too hard.
Or, instead of modding up this karma whore, you could read the last part of the page which tells you exactly the same fix.
I have no life. I run Linux because of its well earned reputation for being "the" loser operating system. Since I have become a Linux user, I have been exposed to a whole new world of loser friends, whom I instant message, IRC, and generally avoid any real life contact with. It is really a pleasure to compute with other geeks such as myself. I plan on using my new Linux operating system as a way to entice and recruit other introverted losers like myself; it would be so helpful if you could produce more software which would appeal to others like myself, such as Lego Mindstorms, or that gay Gimp piece of shit. Thanks in advance.
I hate Windows! Linux r00ls!
Vince "kernal hax0r" Miglioni
...if anyone is keeping tab.
How is it that this has been modded down but a 1 line message about the glory of jewish cock has not?
Stupid ass mods.
To me, the most critical thing in the Linux market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands programming, a hobby computer is wasted. Will quality software be written for the Linux market?
Almost a year ago, Alan Cox and myself, expecting the linux market to expand, hired Marcelo Tosatti [linuxandmain.com] to maintain Linux 2.4. Though the initial work took only two months, the three of us have spent most of our lives documenting, improving and adding features to Linux. Now we have reiserfs [namesys.com], ext3 [redhat.com], a robust VM [linux.org], UML [kerneltrap.org], and the 2.5 development tree [kernel.org]. The value of the computer time we have used exceeds $40,000,000.
The feedback we have gotten from the thousands of people who say they are using Linux has all been positive. Two surprising things are apparent, however, 1) Most of these "users" never bought Linux (less than 10% of all computer owners have bought Linux), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on GNU/Linux worth less than $2 an hour.
Why is this? As the majority of users must be aware, most of you steal your software [freshmeat.net]. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?
Is this fair? One thing you don't do by stealing software is get back at Berkeley [freebsd.org] for some problem you may have had. Berkeley doesn't make money selling software. The royalty paid to us, the manual, the CD's and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 10-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in Linux software. We have written 3 stable kernels, and are writing Linux-2.5, but there is very little incentive to make this software available to Linux users. Most directly, the thing you do is theft [enron.com].
What about the guys who re-sell Linux, such as linuxmall.com [linuxmall.com], aren't they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the ones who give Linux users a bad name, and should be kicked out of any club meeting they show up at.
I would appreciate letters from anyone who wants to pay up, or has a suggestion or comment. Just write to me at:
3940 Freedom Circle
Santa Clara, CA 95054 USA
Nothing would please me more than being able to hire ten programmers and deluge the Linux market with good software.
Linus Torvalds
Transmeta Corporation
I fry up foreskins and eat them with shrimp forks.
Just because it's intentional, doesn't mean it's not a bug. The space-adding hack breaks code, breaks plain-text urls (exacerbated by the "Slashdot doesn't automatically turn URLs into links" bug), generally frustrates people, and can be fixed.
Slashdot's use of tables for layout is the only reason "page-widening trolls" exist. If Slashdot used a simple layout or a CSS layout, a single wide post would not cause other posts to wrap off of the screen. Slashdot's use of tables also makes IE users wait for the entire page to load before they can read the first comment, but the space-adding hack is the most visible result of using tables for layout. See also: More reasons to avoid using tables for layout rather than only using tables for tabular data.
The shareholder is always right.
We will not tolerate ourselves to look stupid while accusing other companies of leaving security holes for months, and then doing it ourselves. Do it again, and we will slashdot you again. And yes, we will defeat your referrer. Thank you, have a nice day. :)
Berto
Idiot. You don't deserve anything. It's this entitlement mindset that makes all you open source hobbyists such a pain in the ass to deal with. Let me ask you this. If Mozilla is such hot shit, why isn't anybody charging money for it? You're saying that you give it away and it's still only used by a handful of mouth-breathing losers who live with their parents and hope, someday, to see an actual, live pair of boobies? Yeah, must be some great software you got there.
Fuckwits.