Mozilla/Firefox Bug Allows Arbitrary Program Execution
treefort writes "An article at eWeek has the lowdown. The article also has a link to the bug report which addressed this issue some time ago. Still, I feel safer using Firefox since malicious persons are much more unlikely to target any vulnerabilities. Note that this only affects users of Mozilla and Firefox on Windows XP or Windows 2000." New releases are already available on mozilla.org that fix this. Update: 07/09 00:41 GMT by CN: I removed the bum link to Bugzilla, since I guess they don't like us. Also I discovered that OSDN's own NewsForge has more on the situation.
Surprised I posted this early with Firefox cracked wide open.
Internet Explorer's finest hour!
"True dat with a wiffle ball bat." -- kabrakan
Mind you, I love Firefox, but I hate hypocrisy.
Funny...the timing of this couldn't have been worse. I have been reading /. for a while now, and just the other day downloaded Mozilla, and then FF, then uninstalled FF and stuck w/ Mozilla, all on my work PC, just to see the differences between the two.
Well, I d/l'ed & installed it, and within 25 min of checking /., CNN and Yahoo I had AdDestroyer, Virtual Bouncer and something else loaded onto my machine.
After hearing how all of the /.'ers praised the open-source marvel that is Mozilla, I figured I must have clicked an ad-banner on accident somewhere and let something in (3x accidentally clicking banners?? must have been really tired). I ran ad-aware and after the 3rd time through, it found and removed everything and we're all hunky-dory once more.
**Now** I know where it came from, it was so close after the install of Mozilla there is no way it could be anything else.
This goes to show me a few things.
1) Don't believe everything you read. Check it out for yourself, and download Ad-Aware right after.
2) IE is the big corporate megalith swinging its clumsy and vulnerable code all over the place, but I really hope people realize that once these browsers start to get the attention that IE has had, the same vulnerabilities will be exposed in them as well, and the whole problem that MS has had to go through will occur for Mozilla/Opera/whatever....patching patches, breaking your software with software fixes...Not that I am an MS fanboi, but it does get a little "Anything not MS" heavy on here now and again.
For now, I'll stick with IE. It does everything I need, I'm comfortable with it, and it didn't download crap from banners within the first 30 min I used it. ...I did like the tabbed browsing though.
Who cares where the problem is, they knew for two years there was a hole - end of story. At this point, as a user, I'm expecting a secure browser, so fix it. It's tough to encourage people to use Mozilla saying it's more secure, when a bug like this has been **known** for 2 years. This is nothing short of embarrassing and to argue otherwise is hiding your head in the sand. If the Mozilla guys knew about this all this time and decided to sit on it just because technically it was a problem with the OS, shame on them. They need to step up to the plate and watch out for their users (and their own reputation).
So we banish the "shell" protocol today. Who's to say Windows won't have another flaw in another protocol tomorrow?
Since the 'shell' protocol flaw has apparently been known for 2 years, it should have been 'banished' then. Same for any other protocol, if it's known to be a security risk, work around it or banish it when it's found to be flawed....not 2 years later.