Slashdot Mirror


Critical Mozilla, Thunderbird Vulnerabilities

d3ik writes "An advisory has been issued on several buffer overflow exploits in the Mozilla and Thunderbird code. Coincidentally, one of the exploits takes advantage of a unchecked buffer in the bitmap parser, very similar to recent Microsoft JPEG vulnerability. The good news is that if you have an updated version (Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8) you won't be affected."

6 of 596 comments (clear)

  1. fp? by simcop2387 · · Score: -1, Flamebait

    start the anti-microsoft bashing bashing

  2. cool by Anonymous Coward · · Score: -1, Flamebait

    How can the slashdot fanboys spin this into something anti-Microsoft?

  3. Re:So will it be Mozilla's fault... by DarkSarin · · Score: 0, Flamebait

    of course it's microshaft's fault.

    either that or those stinkin aliens

    --
    "We don't know what we are doing, but we are doing it very carefully,..." Wherry, R.J. Personnel Psychology (1995)
  4. Re:One of the reasons i love firefox by buzzoff · · Score: 0, Flamebait

    YES! That was exactly what I meant to say!

    I love my FF/TB more than most, but there are some pretty big issues that are rotting away in Bugzilla. The one that really comes to mind is the time/date problem in Thunderbird.

    I would also launch into flames about how Microsoft is picked on when it comes to buffer overruns, but I don't really feel like typing much right now.

    --
    "Never tell me the odds"
  5. Re:So will it be Mozilla's fault... by Anonymous Coward · · Score: -1, Flamebait

    You mean they don't tell us about it before it's fixed?? OMG THAT'S SECURITY THROUGH OBSCURITY!!!

  6. Re:One of the reasons i love firefox by Anonymous Coward · · Score: -1, Flamebait
    In the release notes it says, "Firefox Preview Release (henceforth refered to as PR) is a Technology Preview. While this software works well enough to be relied upon as your primary browser in most cases, we make no guarantees of its performance or stability. It is a pre-release product and should not be relied upon for mission-critical tasks. See the License Agreement for more information.".

    You do read the release notes, don't you?