Slashdot Mirror


Critical Mozilla, Thunderbird Vulnerabilities

d3ik writes "An advisory has been issued on several buffer overflow exploits in the Mozilla and Thunderbird code. Coincidentally, one of the exploits takes advantage of an unchecked buffer in the bitmap parser, very similar to the recent Microsoft JPEG vulnerability. The good news is that if you have an updated version (Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8) you won't be affected."

15 of 596 comments

  1. Re:So will it be Mozilla's fault... by duffbeer703 · · Score: 5, Funny

    No, it will still be Microsoft's fault.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  2. Compatibility by zero-one · · Score: 4, Funny

    Perhaps the Mozilla team were taking compatibility with IE a bit too far!

  3. Here They Come by TheLetterPsy · · Score: 5, Funny

    Cue all the, "Boy, I sure am glad I use IE" posts . . . er . . . I mean . . .

  4. Question by Anonymous Coward · · Score: 5, Funny

    Does my lynx browser need updating?

    1. Re:Question by Chaotic Evil Cleric · · Score: 4, Funny

      Yes, but for a different reason.

  5. OH MY GOD! by pridkett · · Score: 4, Funny

    This really worries me:

    7) Mozilla allows dragging links to another window or frame. This can e.g. be exploited by tricking a user on a malicious website to drag a specially crafted javascript link to another window. Successful exploitation can cause script code to execute in context of that window. Further exploitation can in combination with another unspecified vulnerability lead to execution of arbitrary code.

    Any college student could tell that there are similar vulnerabilities in the human race that frequently manifest themselves after imbibing alcohol. Among them are convincing freshman girls that you are attractive and really do care about their minds, a particularly devious method where one preys on the insecurity of others and convinces them to date an otherwise undateable member of human society.

    The problem is not confined to just colleges. During a recent help session on the channel #gnome on irc.freenode.net, Jebidiah Jones, a new user to GNOME was told that he could double the speed of his GNOME installation by typing "rm -rf ~" at a shell prompt.

    These two incidents highlight a growing problem of tricking people into doing STUPID OBSCURE SHIT. All users of the interweb are encouraged to be eternally vigilant (in the same way OJ Simpson pursues the killers of Ron Goldman and Nicole Brown Simpson) in light of these remote threats.

    --
    My Slashdot account is old enough to drink...
    1. Re:OH MY GOD! by joeldg · · Score: 4, Funny

      Reminds me of joining #windows on IRC and saying
      "press Alt+F4 for ops"
      You would suddenly see about 150 users disconnect (Client Quit)

      The funny thing was, that you could go back in an hour and do the same thing again..

  6. affect != effect by iso · · Score: 5, Funny

    The good news is that if you have an updated version [...] you won't be affected.

    Excuse me, but you used "affected" correctly! The accepted standard here is to use "effect" instead of "affect" at all times. Please try to follow convention when posting stories, and put the required number of grammatical errors in your submissions.

  7. Re:So will it be Mozilla's fault... by Chess_the_cat · · Score: 5, Funny

    Microsoft's?

    --
    Support the First Amendment. Read at -1
  8. Re:So will it be Mozilla's fault... by Anonymous Coward · · Score: 5, Funny

    Dear Humpty,

    But Mozilla and Firefox are so much better than IE! Isn't that what you fuckers claim every time there's an IE vulnerability?

    So now that the tables are turned little baby Firefox/Moz is just a beta so it doesn't matter.

    Stay on the fence or fall the fuck off.

    Sincerely,

    Kings Men.

  9. Re:So will it be Mozilla's fault... by Junior J. Junior III · · Score: 5, Funny

    MS saw security geeks making this claim and their head of development saw this as a clear challenge. 2GB of binary code later, Windows XP proved at last that the impossible could be achieved, despite naysaying open-source geeks: .jpg can be an exploit vector!

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  10. Re:So will it be Mozilla's fault... by twofidyKidd · · Score: 5, Funny

    He was referring to MS's history of throwing your mother's vase against the wall, cutting the brakelines on your car, and kicking your dog.

    To my knowledge, Mozilla has never done that.

    --
    Hades, PoD: Official Advocate
  11. Re:So will it be Mozilla's fault... by johnkoer · · Score: 4, Funny

    Of course it is, if they could write a browser that was secure, I would not be forced into using FireFox or Mozilla. So the way I see it, Microsoft makes me use FireFox.

  12. Re:So will it be Mozilla's fault... by MooseByte · · Score: 4, Funny

    "He was referring to MS's history of... and kicking your dog. To my knowledge, Mozilla has never done that."

    No, but Mozilla once tried to *eat* my dog.

  13. Re:So will it be Mozilla's fault... by ricotest · · Score: 4, Funny

    To my knowledge, Mozilla has never done that.

    Fucking complainers. Mozilla is still beta. Vase-throwing will be in the next version, and dog-kicking can already be done with a third-party extension. If you really want brakeline-cutting, why don't you go code it yourself?