Slashdot Mirror


Mozilla/Firefox Bug Allows Arbitrary Program Execution

treefort writes "An article at eWeek has the lowdown. The article also has a link to the bug report which addressed this issue some time ago. Still, I feel safer using Firefox since malicious persons are much more unlikely to target any vulnerabilites. Note that this only affects users of Mozilla and Firefox on Windows XP or Windows 2000." New releases are already available on mozilla.org that fix this. Update: 07/09 00:41 GMT by CN : I removed the bum link to Bugzilla, since I guess they don't like us. Also I discovered that OSDN's own NewsForge has more on the situation.

8 of 940 comments (clear)

  1. And this line says all I need to know by GMFTatsujin · · Score: 5, Funny

    "Researchers are reporting another security issue in Web browsing under Windows"

    Sounds like a Windows problem, not a Mozilla problem. Oh, wait a minute...

    Current versions of Mozilla and Firefox pass unknown protocol handlers to the operating system shell to handle.

    Ding! Next. However:

    The attacker would have to know the location in the file system of the program

    So just in case, I'm renaming my /bin, /sbin, and /usr directories to /zurg, /mumph, and /splunge. Bring it, you haxx0rs!

    1. Re:And this line says all I need to know by Telex4 · · Score: 5, Funny
      The attacker would have to know the location in the file system of the program

      So just in case, I'm renaming my /bin, /sbin, and /usr directories to /zurg, /mumph, and /splunge. Bring it, you haxx0rs!


      Well now you've blown it!

      Hint: Security through obscurity requires obscurity.
  2. Huh? by nettdata · · Score: 5, Funny

    malicious persons are much more unlikely to target any vulnerabilites

    I disagree... if anything, malicious people are MUCH more likely to target vulnerabilities.

    --



    $0.02 (CDN)
  3. Re:Blast! by AuMatar · · Score: 5, Funny

    Sure we have. I haven't seen an ME installation in years.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  4. This proves once and for all by dicepackage · · Score: 5, Funny

    How dangerous Mozilla can be. Everyone should be listening to Microsoft and use a secure browser such as Internet Explorer that isn't littered with security vulnerabilities.

  5. Intentional by kyjello · · Score: 5, Funny

    This is added intentionally so that Mozilla contains all of the features of Internet Explorer.

    Oh yes, that's right! I went there.

    --
    kyjello is too damn smooth to make a signature.
  6. Re:A clear advantage by mobets · · Score: 5, Funny

    lol, you forgot the semicolon after the pritf line...

    #include
    int main()
    {
    printf("Hello World\n");
    return 0;
    }

    --

    It was me, I did it, I moved your cheese
  7. Re:A clear advantage by tunah · · Score: 5, Funny

    Bah, if they were really onto it, they would have embedded the exploit in the slashdot page and use it to patch your browser without clicking ANYTHING!

    --
    Free Java games for your phone: Tontie, Sokoban