Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Issues in Mozilla

Posted by michael on from the better-than-IE dept.

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"

5 of 454 comments (clear)

  1. Re:Even then.... by IcEMaN252 · · Score: 0, Troll

    Are you new here? IE is a MS product and therefore is evil, rotten, and sucks.

    --
    CitrusTV (http://www.citrustv.net): the Nation's Oldest & Largest Entirely Student-Run Television Station
  2. Re:Even then.... by recursiv · · Score: 0, Troll

    Wrong. That's not why IE sucks. IE sucks purely on its own merits.

    I know you were kidding, but it sounds like you are suggesting that IE doesn't suck, and that is what I'm addressing.

    --
    I used to bulls-eye womp-rats in my pants
  3. Re:Even then.... by theVP · · Score: 1, Troll

    Despite these security flaws, Firefox doesn't integrate itself with the OPERATING SYSTEM, and therefore despite its security flaws, it can't do near the damage that IE can. Not only that, since this is an open source program, I wouldn't doubt that a fix will appear much much faster than it would for IE. Need I also point out that more people still use IE than Firefox, and as a result, IE users are still the more targeted? Firefox is still safer to use, hands down.

    --
    "No one is more miserable than the person who wills everything and can do nothing." -Emperor Claudius 10 BC - AD 54
  4. Re:Another fair objective article.... by Kent+Recal · · Score: 1, Troll

    it seems like we could be a bit more fair around here and at least either treat both browsers as if they suck, or treat them both with respect.

    I'm touched by your call for humanity.
    But they're friggin browsers. That's software, not people, mmkay?

    The reason why people treat IE and Mozilla so differently is because IE does indeed suck bad and Mozilla does indeed suck far less. People are stunned that a multi-billion dollar company constantly refuses to apply proper QA to their software but instead sells expensive packages that are so bug-ridden that many real developers would be ashamed to only call it a "beta".

    Back on topic:
    These three "bugs" in the story (two of which have been fixed long ago, before v1.0) are pretty ridiculous compared to what MS comes up with every couple weeks. None of these Moz-bugs would allow a remote attacker to execute code on your box. Most remote IE-exploits that I have seen allow an attacker to do just that.

    Therefor, the IE codebase (and the company responsible for it) deserve
    no respect whatsoever.

    Just my personal observations.

  5. Here's the fix everybody by jamesgriff · · Score: 1, Troll

    You were looking for a fix

    here it is


    Note to self: I wonder whether this will be modded "-1, Troll" or "+5, Funny"