Security Issues in Mozilla

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"

Re:Sounds like good news to me

[Anonymous+Brave+Guy]

But, unlike IE, these aren't 'You open a web page and your machine is taken over as a spam zombie' vulnerabilities. They should be fixed, but are less serious than the usual IE bugs...

If you can have buffer over-run vulnerabilities in your C++ app, then you are potentially vulnerable to absolutely anything. The fact that even one exists, even in a beta development, betrays fundamentally flawed coding standards and/or QA procedures. These things should never happen in a C++ app, and the coding techniques to prevent them are trivial.

and they'll likely be fixed a lot faster.

Easy, tiger. As others have pointed out, most exploits of Windows/IE systems use vulnerabilities that MS patched months ago, and when critical ones do come up, patches usually do appear (with much hype) PDQ.

Why is it...

[cagliost]

That when Mozilla (or anything not by Microsoft) has a bug, people say "Let's hope that these will be fixed soon!", but when IE (or anything by Microsoft) has a bug, people say (")Hahahahaha!(")?