Slashdot Mirror


Critical Mozilla, Thunderbird Vulnerabilities

d3ik writes "An advisory has been issued on several buffer overflow exploits in the Mozilla and Thunderbird code. Coincidentally, one of the exploits takes advantage of an unchecked buffer in the bitmap parser, very similar to the recent Microsoft JPEG vulnerability. The good news is that if you have an updated version (Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8) you won't be affected."

21 of 596 comments

  1. Re:So will it be Mozilla's fault... by duffbeer703 · Score: 5, Funny

    No, it will still be Microsoft's fault.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  2. Compatibility by zero-one · Score: 4, Funny

    Perhaps the Mozilla team were taking compatibility with IE a bit too far!

  3. Nice timing :) by shish · Score: 3, Funny

    This story got posted while I was mid-way through installing the latest version, so I missed the mozilla.org slashdotting as everyone goes to upgrade :)

    --
    I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  4. Here They Come by TheLetterPsy · Score: 5, Funny

    Cue all the, "Boy, I sure am glad I use IE" posts . . . er . . . I mean . . .

  5. Question by Anonymous Coward · Score: 5, Funny

    Does my lynx browser need updating?

    1. Re:Question by Chaotic Evil Cleric · Score: 4, Funny

      Yes, but for a different reason.

  6. OH MY GOD! by pridkett · Score: 4, Funny

    This really worries me:

    7) Mozilla allows dragging links to another window or frame. This can e.g. be exploited by tricking a user on a malicious website to drag a specially crafted javascript link to another window. Successful exploitation can cause script code to execute in context of that window. Further exploitation can in combination with another unspecified vulnerability lead to execution of arbitrary code.

    Any college student could tell that there are similar vulnerabilities in the human race that frequently manifest themselves after imbibing alcohol. Among them are convincing freshman girls that you are attractive and really do care about their minds, a particular devious method where one preys on the insecurity of others and convinces them to date an otherwise undateable member of human society.

    The problem is not confined to just colleges. During a recent help session on the channel #gnome on irc.freenode.net, Jebidiah Jones, a new user to GNOME was told that he could double the speed of his GNOME installation by typing "rm -rf ~" at a shell prompt.

    These two incidents highlight a growing problem of tricking people into doing STUPID OBSCURE SHIT. All users of the interweb are encouraged to be eternally vigilant (in the same way OJ Simpson pursues the killers of Ron Goldman and Nicole Brown Simpson) in light of these remote threats.

    --
    My Slashdot account is old enough to drink...
    1. Re:OH MY GOD! by joeldg · Score: 4, Funny

      Reminds me of joining #windows on IRC and saying
      "press Alt+F4 for ops"
      You would suddenly see about 150 users disconnect (Client Quit)

      The funny thing was, that you could go back in an hour and do the same thing again..

  7. And once again... by 88NoSoup4U88 · Score: 3, Funny

    Yes Microsoft, we told you to fix IE countless times now; and still exploits are found every day and you guys still....

    Waitasecond

    Mozilla and Thunderbird uh.... wait...

    So who can I blame now?

  8. affect != effect by iso · Score: 5, Funny

    The good news is that if you have an updated version [...] you won't be affected.

    Excuse me, but you used "affected" correctly! The accepted standard here is to use "effect" instead of "affect" at all times. Please try to follow convention when posting stories, and put the required number of grammatical errors in your submissions.

  9. Re:So will it be Mozilla's fault... by Chess_the_cat · Score: 5, Funny

    Microsoft's?

    --
    Support the First Amendment. Read at -1
  10. Re:The beauty of a non-integrated browser........ by christopher240240 · Score: 3, Funny

    You do realize that you just said "Nope, just installed 1.7 on top of 1.4 and did not have problem. My extensions were cleaned out so I have to get them again," don't you?

  11. Re:So will it be Mozilla's fault... by Anonymous Coward · Score: 5, Funny

    Dear Humpty,

    But Mozilla and Firefox are so much better than IE! Isn't that what you fuckers claim every time there's an IE vulnerability?

    So now that the tables are turned little baby Firefox/Moz is just a beta so it doesn't matter.

    Stay on the fence or fall the fuck off.

    Sincerely,

    Kings Men.

  12. OK! by Chuck Bucket · Score: 3, Funny

    Now no one post a link to any screenshots of this!

    CB#$%^&*(

  13. Re:So will it be Mozilla's fault... by Junior J. Junior III · Score: 5, Funny

    MS saw security geeks making this claim and their head of development saw this as a clear challenge. 2GB of binary code later, Windows XP proved at last that the impossible could be achieved, despite naysaying open-source geeks: .jpg can be an exploit vector!

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  14. Re:So will it be Mozilla's fault... by shish · Score: 3, Funny

    I told them "no, you can't get a virus from a picture, unless you use IE. FF is safe.".

    Doh.

    --
    I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  15. Re:So will it be Mozilla's fault... by twofidyKidd · Score: 5, Funny

    He was referring to MS's history of throwing your mother's vase against the wall, cutting the brakelines on your car, and kicking your dog.

    To my knowledge, Mozilla has never done that.

    --
    Hades, PoD: Official Advocate
  16. Re:So will it be Mozilla's fault... by johnkoer · Score: 4, Funny

    Of course it is, if they could write a browser that was secure, I would not be forced into using FireFox or Mozilla. So the way I see it, Microsoft makes me use FireFox.

  17. Re:So will it be Mozilla's fault... by MooseByte · Score: 4, Funny

    "He was referring to MS's history of... and kicking your dog. To my knowledge, Mozilla has never done that."

    No, but Mozilla once tried to *eat* my dog.

  18. Re:So will it be Mozilla's fault... by ricotest · Score: 4, Funny

    To my knowledge, Mozilla has never done that.

    Fucking complainers. Mozilla is still beta. Vase-throwing will be in the next version, and dog-kicking can already be done with a third-party extension. If you really want brakeline-cutting, why don't you go code it yourself?

  19. Re:So will it be Mozilla's fault... by duffbeer703 · Score: 3, Funny

    If the hackers hadn't found the JPG bug in IE, they wouldn't have looked for one in Firefox.

    Besides, Microsoft is pure evil. Everyone knows that Netscape Communicator Gold 4.0 was the best software ever produced.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK