If the servers and clients are physically safe/locked that is. SSH renegotiates the encryption keys by default when nessesary. So even if an adversary tries to break your keys, he would have to sart over pretty soon.
You can't tell me that starting up an IRC session without the user's knowledge is something that should be expected.
Thats not what is happening. Firefox is just running a post request to a IRC server. The Irc server happely ignores all the http protocol headers and iterprets the data in the post request as a irc protocol data. So the only thing firefox is doing "wrong" is allowing a post request to a non-standard port.
Slashdot Mirror
If the servers and clients are physically safe/locked that is. SSH renegotiates the encryption keys by default when nessesary. So even if an adversary tries to break your keys, he would have to sart over pretty soon.
You can't tell me that starting up an IRC session without the user's knowledge is something that should be expected.
Thats not what is happening. Firefox is just running a post request to a IRC server. The Irc server happely ignores all the http protocol headers and iterprets the data in the post request as a irc protocol data. So the only thing firefox is doing "wrong" is allowing a post request to a non-standard port.
There are also plenty of Firefox vulnerabilities out there, they just don't get national headlines like IE does. Here's a current one.
This is not a exploit in firefox. This is a vurnabillity in some IRC servers. The Freenode people agree. They are moving to a new IRCd.