Slashdot Mirror
Security Issues in Mozilla
paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"
As it becomes more and more popular, more and more bugs will be discovered. There is no inherently secure piece of software: it's only a matter of problems / volume.
A blog like any other.
Go to http://secunia.com/advisories/13599 (linked in post) and it says: Solution Status: Unpatched
Why is everyone saying these are fixed?
I used to bulls-eye womp-rats in my pants
I would never suggest anything of the sort. You must work for SCO or something to suggest that I was suggesting that.
/. and serious reflection on situation is seldom the norm.
<Quasi-seriousness>
IE does suck all on its own, but this is
</Quasi-seriousness>
CitrusTV (http://www.citrustv.net): the Nation's Oldest & Largest Entirely Student-Run Television Station
IE is 25 MB Firefox is 4.7MB thats why ie also sucks
Mozilla 1.7.5 and Firefox 1.0 are still vulnerable.
For more information, click here.
well there is a 900K linux distro