Slashdot Mirror


Privacy Leak in Mozilla and Mozilla-Based Browsers

Mike S. writes "Mozillazine has pointed users to this story at ZDNet UK which breaks the news about a privacy bug discovered in all Mozilla builds up to and including 1.2a as well as browsers based on Mozilla such as Netscape 6/7, Chimera and Galeon. The bug allows a web site to track where you're going when leaving the site whether you use a link, a bookmark or type a URL into the address field. This page has a demonstration of the bug and instructions on patching it via a user.js file."

16 of 357 comments

  1. make up your mind slashdot by packeteer · · Score: -1, Troll

    mozilla is secure (GPG built in) or insecure (privacy leak)...

    personally i use it so i'm not bashing it or this article... but really i wanna know... should i use it or not?

    --
    unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
  2. this is redundant -- by fuckinggodalmighty · · Score: -1, Troll

    this security hole was already published a month ago [google cache]

  3. Re:The most disturbing thing about this... by fuckinggodalmighty · · Score: -1, Troll

    You are correct, there is an internal document showing the hole [google cache] that is dated some two months ago!

  4. WTF Editors -- mod article down redundant! by Anonymous Coward · · Score: -1, Troll

    This is so old news (google cache)

  5. SUMMARY OF THREAD by Anonymous Coward · · Score: -1, Troll
    Here is a one-post summary of this entire discussion so that you do not have to read it.

    a bunch of "insightful" posts saying "this is no big deal (because I am a hypocrite)"

    a bunch of "flamebait" posts saying "you are all hypocrites"

  6. Here's a mirror: by Anonymous Coward · · Score: -1, Troll

    Here is the bug report, for interested parties. You're welcome. This is hosted on my PII slackware box, so don't pound it too hard.

  7. Re:Easy work-around for now by *xpenguin* · · Score: 0, Troll

    Or, instead of modding up this karma whore, you could read the last part of the page which tells you exactly the same fix.

  8. What about... by Anonymous Coward · · Score: -1, Troll
    Dear Linus,

    I have no life. I run Linux because of its well earned reputation for being "the" loser operating system. Since I have become a Linux user, I have been exposed to a whole new world of loser friends, whom I instant message, IRC, and generally avoid any real life contact with. It is really a pleasure to compute with other geeks such as myself. I plan on using my new Linux operating system as a way to entice and recruit other introverted losers like myself; it would be so helpful if you could produce more software which would appeal to others like myself, such as Lego Mindstorms, or that gay Gimp piece of shit. Thanks in advance.

    I hate Windows! Linux r00ls!

    Vince "kernal hax0r" Miglioni

  9. 9/10 Arab women prefer jewish cocks by Anonymous Coward · · Score: -1, Troll

    ...if anyone is keeping tab.

  10. Re:ISLAM: A Religion of Peace by Anonymous Coward · · Score: -1, Troll

    How is it that this has been modded down but a 1 line message about the glory of jewish cock has not?

    Stupid ass mods.

  11. Re:The most disturbing thing about this... by Anonymous Coward · · Score: -1, Troll

    To me, the most critical thing in the Linux market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands programming, a hobby computer is wasted. Will quality software be written for the Linux market?

    Almost a year ago, Alan Cox and myself, expecting the linux market to expand, hired Marcelo Tosatti [linuxandmain.com] to maintain Linux 2.4. Though the initial work took only two months, the three of us have spent most of our lives documenting, improving and adding features to Linux. Now we have reiserfs [namesys.com], ext3 [redhat.com], a robust VM [linux.org], UML [kerneltrap.org], and the 2.5 development tree [kernel.org]. The value of the computer time we have used exceeds $40,000,000.

    The feedback we have gotten from the thousands of people who say they are using Linux has all been positive. Two surprising things are apparent, however, 1) Most of these "users" never bought Linux (less than 10% of all computer owners have bought Linux), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on GNU/Linux worth less than $2 an hour.

    Why is this? As the majority of users must be aware, most of you steal your software [freshmeat.net]. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?

    Is this fair? One thing you don't do by stealing software is get back at Berkeley [freebsd.org] for some problem you may have had. Berkeley doesn't make money selling software. The royalty paid to us, the manual, the CD's and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 10-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in Linux software. We have written 3 stable kernels, and are writing Linux-2.5, but there is very little incentive to make this software available to Linux users. Most directly, the thing you do is theft [enron.com].

    What about the guys who re-sell Linux, such as linuxmall.com [linuxmall.com], aren't they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the ones who give Linux users a bad name, and should be kicked out of any club meeting they show up at.

    I would appreciate letters from any one who wants to pay up, or has a suggestion or comment. Just write to me at:

    3940 Freedom Circle
    Santa Clara, CA 95054 USA

    Nothing would please me more than being able to hire ten programmers and deluge the Linux market with good software.

    Linus Torvalds
    Transmeta Corporation

  12. Re:ISLAM: A Religion of Peace by Anonymous Coward · · Score: -1, Troll

    I fry up foreskins and eat them with shrimp forks.

  13. Re:Easy work-around for now by jesser · · Score: 1, Troll

    Just because it's intentional, doesn't mean it's not a bug. The space-adding hack breaks code, breaks plain-text urls (exacerbated by the "Slashdot doesn't automatically turn URLs into links" bug), generally frustrates people, and can be fixed.

    Slashdot's use of tables for layout is the only reason "page-widening trolls" exist. If Slashdot used a simple layout or a CSS layout, a single wide post would not cause other posts to wrap off of the screen. Slashdot's use of tables also makes IE users wait for the entire page to load before they can read the first comment, but the space-adding hack is the most visible result of using tables for layout. See also: More reasons to avoid using tables for layout rather than only using tables for tabular data.

    --
    The shareholder is always right.
  14. Dear BugZilla morons by MicroBerto · · Score: 2, Troll
    No. If this bug was fixed months ago when it was first detected, then there would have been no problem. However, the slashdot ultimatum was issued and appropriately followed through.

    We will not tolerate ourselves to look stupid while accusing other companies of leaving security holes for months, and then doing it ourselves. Do it again, and we will slashdot you again. And yes, we will defeat your referrer. Thank you, have a nice day. :)

    --
    Berto
    1. Re:Dear BugZilla morons by Anonymous Coward · · Score: -1, Troll

      We will not tolerate ourselves to look stupid while accusing other companies of leaving security holes for months, and then doing it ourselves.

      You are just now coming to the realization that you look stupid? What a laugh. It's the fact that you're stupid that makes you look stupid. Who but a total bagbiter would look at the vast software economy and say to himself, "I'll bet I can make stuff just as good, without spending any money and without charging anybody for it!"

      If you use Lunix (that's not a typo, halfwit) then you not only look stupid; you are stupid. If all you want to do is play, or get by on the cheap, there are decent operating systems out there (cough FreeBSD cough). If you're doing whatever it is you're doing for real, for a living, then grow up and buy an operating system that's actually been tested and documented. Even Windows is more thoroughly tested and documented than Lunix.

  15. Re:Dear Slashdot morons by Anonymous Coward · · Score: -1, Troll

    Idiot. You don't deserve anything. It's this entitlement mindset that makes all you open source hobbyists such a pain in the ass to deal with. Let me ask you this. If Mozilla is such hot shit, why isn't anybody charging money for it? You're saying that you give it away and it's still only used by a handful of mouth-breathing losers who live with their parents and hope, someday, to see an actual, live pair of boobies? Yeah, must be some great software you got there.

    Fuckwits.