Slashdot Mirror


Security Issues in Mozilla

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups; hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"

16 of 454 comments

  1. Only THREE? by w1r3sp33d · · Score: 3, Funny

    I guess they are not drinking the water from Redmond!

  2. Security by Anonymous Coward · · Score: 5, Funny

    Oh no! Time to switch back to IE.

    1. Re:Security by Anonymous Coward · · Score: 1, Funny

      Yes it is true... as the CIO of a Fortune 500 company I believe that this truly shows the shortcomings of open source and as such I have completely scrapped our 5 year open source migration project. Consequentially we will be permanently renewing our Select licensing agreement with Microsoft, and I hope that they will be gentle in the negotiations.

  3. Not Mozilla!! by 53cur!ty · · Score: 5, Funny

    The tragedy, the inhumanity!!

    Bet Gates is grinning today hoping everyone will forget his laptop crash.

    Don't Tech all day and night, visit:
    WillingtonKarateClub.org Training Tips and more

  4. 3 Whole Security Issues! Thank God... by codesurfer · · Score: 5, Funny

    that I can still wipe my Linux box, buy a copy of XP, install, activate, update, reboot, update, reboot, get SP1 & 2, reboot, update, reboot and I'll be able to use Internet Explorer, a safe alternative to....oh wait...

  5. Re:I bet they will be fixed within 24hours! by Anonymous Coward · · Score: 1, Funny

    "quote me! :)"
    -- xutopia

  6. Jeebus Kriced by killmenow · · Score: 5, Funny

    So sayeth the submitter:
    Let's hope that these will be fixed soon!
    Slashdot has gotten so bad, now the submitters don't even RTFA!

  7. Re:Umm.... by fitten · · Score: 5, Funny

    You mean I gotta walk all the way down to the systemroom to get my information? Crap, no wonder I haven't been able to find it in my office lately...

  8. Re:Even then.... by Anonymous Coward · · Score: 1, Funny

    Could you tell me where you have downloaded your version of IE for FreeBSD, Linux, OpenBSD and NetBSD?

    These flaws are a real problem but Firefox, YES, is still better than IE. Besides, the first flaw is not a flaw: you must ALWAYS download stuff from people you trust (and even then, you have to check the sources with a GnuPG key ring).

  9. Re:Even then.... by Zate · · Score: 1, Funny

    *claps* He gets it ! YaY !!

    --
    IT is Dead. The industry is Shot Join Others Who Feel Your Pain http://www.internalstrife.com/

  10. Re:Even then.... by Squatchman · · Score: 1, Funny

    Thou shalt not defame the Holy Mozilla's name !!!

  11. Re:A fix? by Anonymous Coward · · Score: 3, Funny

    I'm tired of all these upgrades every once in a while.. Now, I'm using telnet to port 80 to read slashdot. It took me 4 hours to post this though..

  12. Long URL? by discordja · · Score: 3, Funny

    This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox).

    is this long enough?
    --
    I stole this .sig

  13. Re:A fix? by vk2 · · Score: 3, Funny

    You could have reduced it to 2 hours if you had used both your hands to type.

    --
    No Sig for you.!

  14. Re:Yipee by dajak · · Score: 2, Funny

    Oh, a side note. If I have Windows and I want to use Mozilla, why do I have to use IE first to download mozilla?? I already have IE installed, why do I need to download yet another browser and install it?

    Never download Mozilla with IE or any other insecure product! Only download Mozilla with Mozilla!

    If you download it with IE you may not be downloading the REAL Mozilla. That's what I tell people who report Mozilla crashing and stuff like that. The real Mozilla is flawless. How do you know you are using the real Mozilla?

    Also never let someone else install Mozilla from a storage device. They may have tampered with it.

    Remember: It's an open source product, so anyone can recompile it with his own malware embedded!

    1. Is there a patch or do I have to download the whole browser and reinstall?

    See Tools>Options>Software Updates

  15. Re:Misleading Article by northcat · · Score: 4, Funny

    How can his post be rated informative when it isn't true?

    You must be new here.