Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Vulnerability In Firefox 2.0.0.12

Posted by kdawson on from the that-was-quick dept.

Oh, Not Now writes "Mozilla Firefox 2.0.0.12, mere hours old, is vulnerable by default to a directory traversal trick, via the view-source mechanism. Although mitigated by the NoScript plug-in, this is quite a serious bug — the default installation is vulnerable from the get-go."

12 of 355 comments (clear)

  1. It must be Microsoft's fault by Anonymous Coward · · Score: -1, Troll

    LOLZ. Somebody, quick explain how this the evil M$ is responsible for this!!

    1. Re:It must be Microsoft's fault by Anonymous Coward · · Score: -1, Troll

      Paydirt! You're apologist asshole of the day is none other than Nazlfrag. Take a bow dipshit.

  2. Fixed is hours! by skelator2821 · · Score: -1, Troll

    Yes this is not good BUT! It will only take them hours or a day at most to patch it.. You IE-6 users waited for months if not Years and then the only reason M$ released patches and tried to act like they were really supporting their users was because they were starting to get Serious competiton again.. Don't believe me? just Google it.

    1. Re:Fixed is hours! by Anonymous Coward · · Score: -1, Troll

      Dude, are you on crack?

  3. Who cares? Use Opera by Finallyjoined!!! · · Score: -1, Troll

    's much better :-) Less bugs, more enjoyment. Heh :-)

    --
    If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
  4. Who is to blame? by Colourspace · · Score: -1, Troll

    Must be Microsofts/Googles/Apples/SCO's fault. Delete as applicable.

  5. Trojan? by 4D6963 · · Score: 0, Troll

    Would that be why I caught a trojan right after installing that version and browsing sites of questionable trustworthiness?

    --
    You just got troll'd!
  6. Re:* Stops download of newest Firefox * by Vectronic · · Score: -1, Troll

    At the risk of being modded as FlameBait...

    (http://www.mozilla.org/projects/security/known-vulnerabilities.html)
    "Critical" ones marked with *

    MFSA 2008-11 Web forgery overwrite with div overlay
    MFSA 2008-10 URL token stealing via stylesheet redirect
    MFSA 2008-09 Mishandling of locally-saved plain text files
    MFSA 2008-08 File action dialog tampering
    *MFSA 2008-06 Web browsing history and forward navigation stealing
    MFSA 2008-05 Directory traversal via chrome: URI
    MFSA 2008-04 Stored password corruption
    *MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
    MFSA 2008-02 Multiple file input focus stealing vulnerabilities
    *MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

    There's quite a few problems with 2.0.0.12, infact more bugs in *.12 than *.11

  7. Re:How come? by HazE_nMe · · Score: 0, Troll

    With a UIN as low as yours I will go ahead and assume that you are not new here.
    Perhaps in your old age you forgot what site you were on?

  8. Re:* Stops download of newest Firefox * by HartDev · · Score: 0, Troll

    Nothing is safe anymore! Oh well maybe I will keep my social number in my drawer or something. Plus Opera is a pretty slick browser.

    --
    To see a few of my Android apps goto: www.hartwired.com
  9. just another reason to uninstall firefox by Anonymous Coward · · Score: -1, Troll

    oh well. it sucked anyway. fucking open source fails where it claims it's strongest. liars and faggots.

  10. Re:Update the title... NOW. by Anonymous Coward · · Score: -1, Troll

    Carl, just suck it. You're a hack no better the n3td3v. In fact, you're lam3r than that shit.