Slashdot Mirror


Security Issues in Mozilla

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups; hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"
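The first issue in the summary comes down to how a long URL is shortened for display. As an added example (not Mozilla's code and not part of the original post), the sketch below contrasts a tail-only display with one that never elides the scheme and host; the function names, the 48-character limit and the sample URLs are constructed for illustration.

```javascript
// Constructed sample: a long download URL whose tail imitates another site.
const SAMPLE_URL =
  "http://downloads.example.net/" + "a".repeat(120) +
  "/www.trusted.example/setup.exe";

// Weak display: keep only the last `max` characters, so the real host
// scrolls out of view and the reader sees only the ending.
function tailOnly(url, max) {
  return url.length <= max ? url : "..." + url.slice(-(max - 3));
}

// Hardened display: the scheme and host are always shown in full and only
// the path is elided. URL.host excludes any "user@" prefix, so a host-like
// string placed in the userinfo part is not shown as the source.
function originPreserving(url, max) {
  const u = new URL(url);
  const origin = u.protocol + "//" + u.host; // never truncated
  const rest = u.pathname + u.search;
  if (origin.length + rest.length <= max) return origin + rest;
  // Keep the end of the file name if there is room after "/.../".
  const fileName = u.pathname.slice(u.pathname.lastIndexOf("/") + 1);
  const budget = max - origin.length - 5;
  const shown = budget > 0 ? fileName.slice(-budget) : "";
  return origin + "/.../" + shown;
}

console.log(tailOnly(SAMPLE_URL, 48));
console.log(originPreserving(SAMPLE_URL, 48));
```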

12 of 454 comments

  1. Trolling first post by Anonymous Coward · · Score: -1, Troll

    FP FP FP FP

    Yeah Now you wankers can bash Opensource!!

    Suck up to M$!!!

    Troll!!!

  2. Unacceptable by goldspider · · Score: -1, Troll

    While I wouldn't say that these vulnerabilities are exactly obvious, they are major enough that (IMHO) they should have been spotted and corrected before rollout.

    I haven't read TFA all the way through yet, but how long (how many versions) have these been an issue?

    --
    "Ask not what your country can do for you." --John F. Kennedy
  3. Re:Even then.... by IcEMaN252 · · Score: 0, Troll

    Are you new here? IE is a MS product and therefore is evil, rotten, and sucks.

    --
    CitrusTV (http://www.citrustv.net): the Nation's Oldest & Largest Entirely Student-Run Television Station
  4. Impossible by Anonymous Coward · · Score: -1, Troll
    The whole article is a hoax.

    Security problems cannot exist in Mozilla or Firefox. They must mean IE.
    Even if it were true, it's irrelevant. We run those browsers because they are not Microsoft. It's the feeling I am superior than you just because I run a superior browser that's the only important thing here. Nobody can take that away from me. I don't care about the facts, the only thing I care about is the truth, that bugs cannot exist in those browsers because they are perfect and superior. Slashdot itself says so.

  5. Re:A fix? by Anonymous Coward · · Score: -1, Troll

    And here's the upgrade.

  6. What No Trojans.... by Anonymous Coward · · Score: -1, Troll

    ...or AdWare, or SpyWare... I'm disappointed. Internet Explorer has much more satisfying hacks

  7. Re:Even then.... by recursiv · · Score: 0, Troll

    Wrong. That's not why IE sucks. IE sucks purely on its own merits.

    I know you were kidding, but it sounds like you are suggesting that IE doesn't suck, and that is what I'm addressing.

    --
    I used to bulls-eye womp-rats in my pants
  8. Re:Even then.... by theVP · · Score: 1, Troll

    Despite these security flaws, Firefox doesn't integrate itself with the OPERATING SYSTEM, and therefore despite its security flaws, it can't do near the damage that IE can. Not only that, since this is an open source program, I wouldn't doubt that a fix will appear much much faster than it would for IE. Need I also point out that more people still use IE than Firefox, and as a result, IE users are still the more targeted? Firefox is still safer to use, hands down.

    --
    "No one is more miserable than the person who wills everything and can do nothing." -Emperor Claudius 10 BC - AD 54
  9. Re:A fix? by Anonymous Coward · · Score: -1, Troll

    Stop spreading FUD about OSS, you M$ drone!

  10. Re:Another fair objective article.... by Kent+Recal · · Score: 1, Troll

    it seems like we could be a bit more fair around here and at least either treat both browsers as if they suck, or treat them both with respect.

    I'm touched by your call for humanity.
    But they're friggin browsers. That's software, not people, mmkay?

    The reason why people treat IE and Mozilla so differently is because IE does indeed suck bad and Mozilla does indeed suck far less. People are stunned that a multi-billion dollar company constantly refuses to apply proper QA to their software but instead sells expensive packages that are so bug-ridden that many real developers would be ashamed to only call it a "beta".

    Back on topic:
    These three "bugs" in the story (two of which have been fixed long ago, before v1.0) are pretty ridiculous compared to what MS comes up with every couple weeks. None of these Moz-bugs would allow a remote attacker to execute code on your box. Most remote IE-exploits that I have seen allow an attacker to do just that.

    Therefore, the IE codebase (and the company responsible for it) deserve no respect whatsoever.

    Just my personal observations.

  11. Here's the fix everybody by jamesgriff · · Score: 1, Troll

    You were looking for a fix

    here it is


    Note to self: I wonder whether this will be modded "-1, Troll" or "+5, Funny"

  12. Twitter: Life and times of a petulant cock-gobbler by Anonymous Coward · · Score: -1, Troll

    Twitter, you're a petulant cock-gobbling sycophant to Linux Torvaldyos! Quit taking DP from ESR and RMS's feculent cocks and why don't you try to stop sucking quite so much? Get out of your parents' basement and see the real world - maybe then you'll see how pathetic you sound, with your neverending stream of bullshit about how Microsoft is stalking you. Wasn't it you who said that Microsoft believes your insane ranting is actually a threat to them, so they PAY PEOPLE to reply to you on Slashdot? No sir, I don't get any money. I do it for the love. Someone has to go up against your paranoid whining. So get back in your cage and shut the fuck up already.