Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Firefox 1.0.7 DoS Exploit

Posted by Hemos on from the to-be-confirmed-or-not-confirmed dept.

An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""

2 of 438 comments (clear)

  1. Re:Brilliant header! by SteveAyre · · Score: 1, Redundant

    Yep. I'm running 1.5 and just tried it out... no effect.

  2. Run this through the /. filter... by prisoner-of-enigma · · Score: 0, Redundant

    1. A bug in a browser is found.
    2. Regardless of the type of bug, if it's an Open Source browser, you can say any of the following:
            "It's an insignificant bug!"
            "It'll be fixed faster than Microsoft would fix it!"
            "At least you have the source code so you can figure out a fix on your own!"
            "Hey, these guys aren't being paid so quit complaining."
            "This is news?"
    3. Regardless of the type of bug, if it's a Microsoft browser, you can say any of the following:
            "Bill Gates sucks!"
            "Microsoft sucks!"
            "I hate Microsoft!"
            "IE is for losers!"
            "This is a huge exploit that will cause global chaos!"
            "This is the biggest piece of news ever!"

    Note the double standard, folks. If it's OSS, it's "good" software and thus automatically immune from any kind of criticism. Indeed, it's given the exact opposite: flaws are actually excused with lame rationalizations. If it's Microsoft software, it's "bad" software and thus every flaw must be expounded upon, exaggerated, and endlessly repeated.

    A flaw is a flaw is a flaw. If it's a flaw that crashes your browser, we should heap the same criticism (or give the same excuses) regardless of whether that software comes from Mozilla.org or Microsoft.com. Without criticism, there is no incentive to change. By calling these exploits and bugs by their right name, we are helping the OSS cause. Do not think you're helping things by saying "hey, it's no big deal when a Firefox bug crashes my browser" but then say something completely opposite when a similar bug crashes IE.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky