Slashdot Mirror


Security Issues in Mozilla

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups; hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"

3 of 454 comments

  1. Updates by harlingtoxad · · Score: 5, Insightful

    Most viruses are exploits of things MS has patched months earlier. If Firefox becomes mainstream can we count on the average user to update or will an out of date Firefox become nearly as bad as IE?

    --
    Gravity is not just a law, it's also a good idea.
  2. Re:Even then.... by frankthechicken · · Score: 5, Insightful

    Why?

    Both will have flaws, some major, some minor. And, for me, there seems no real evidence that the Firefox community corrects problems quicker than MS. Both appear to me to fix major problems relatively quickly.

    The only real difference is the experience a user gains from using an individual browser. And for me, I personally prefer the FF experience, as I should, having configured it until it fits like a glove.

  3. Re:A fix? by The Spoonman · · Score: 5, Insightful

    Why is everyone saying these are fixed?

    I'm more curious as to why they aren't fixed YET? We've been hearing for years that Open Source software is better because any problem is fixed within 24-48 hours. Well, it's been almost 51 hours since that issue was released on SecurityFocus, and I'm sure significantly longer since it was first discovered. Firefox is still not telling me there's an update available. What gives?

    For those incapable of grasping the sarcasm, let me spell it out for you: rhetoric gets stale for a reason.

    --
    Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
    http://www.workorspoon.com