Slashdot Mirror


Security Issues in Mozilla

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups; hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"

4 of 454 comments

  1. Bill was right! by fromme · Score: 0, Flamebait

    Commies are doomed to failure!

    My karma ran over my dogma

  2. -1: High Standards for OSS by Anonymous Coward · Score: 0, Flamebait

    Why is it that Slashbots jump at every chance to trash Microsoft for their (supposed) low security standards, yet apparently don't hold open source projects to particularly high standards? And why do they silence (through moderation) those who DO hold OSS to high standards?

  3. Re:Updates by Ced_Ex · Score: 0, Flamebait

    Exactly!

    Then there are the slashdotters that suggest Firefox updates "secretly" so joe sixpack doesn't know about it, yet when MS has an auto-update feature, the same asses are crying foul, "Oh, I want to have full control over what goes on my system."

    Is anyone listening to themselves?

    --
    Live forever, or die trying.
  4. Re:Does no one read anymore? by bonch · Score: 0, Flamebait

    I see articles posted on Windows vulnerabilities affecting pre-SP2 installs all the time. I didn't realize Slashdot wasn't supposed to talk about security flaws that affected recent versions but not the absolute latest version of something. If that's true, it's a waste of time looking to this place for security news.