spacer

Three Way News

Your Source. For everything. Really.

Contributors

Current Poll

Best comic strip?

  • Bloom County
  • Boondocks
  • Calvin and Hobbes
  • Dilbert
  • Doonesbury
  • Far Side
  • Foxtrot
  • Get Fuzzy
  • Life in Hell
  • Peanuts
  • Pearls Before Swine
  • Pogo
  • Zippy the Pinhead
  
Free polls from Pollhost.com

Recurring features

Hammer's Favorites

Jambo's Favories

Friday, January 07, 2005

More Open Source Friday: More obsolete Firefox security flaws announced!

Posted by: Hammer / 11:02 PM

From eWeek:
Security researchers have raised the alarm for a series of unrelated, high-risk vulnerabilities in Microsoft Corp.'s Internet Explorer and the open-source Mozilla browsers.
Hmm. That sounds serious. High-risk vulnerabilities in the open-source Mozilla browser? Let's read on!
According to a Secunia advisory, the most serious IE flaw could be exploited by a malicious hacker to hijack a vulnerable machine, conduct cross-site/zone scripting and bypass a security feature in Microsoft Windows XP SP2.

Secunia rates the IE flaws as "extremely critical" and recommends that users opt for an alternative browser until Microsoft releases a comprehensive patch.

For its part, Microsoft has confirmed it is investigating a "Click and Scroll" issue in IE and has posted a temporary workaround to protect users from the flaw.

That does sound serious. My computer could be hijacked? The flaw is extremely critical? If I click and scroll my entire computer could go up in flames?
Microsoft recommends that users install the most recent cumulative fix for IE and disable the "drag-and-drop" or "copy-and-paste files" option across a domain.
I see. It's an IE feature. In case you want to have your computer hijacked. Some users like that. For the attention. Anyway, I'm sure the Mozilla bug is just as serious.
The updated IE warning comes on the heels of a Bugtraq advisory for multiple flaws in Mozilla, Firefox and Thunderbird products.
Multiple flaws? I don't like the sound of that. Time to revert to lynx (it's much faster for dial-up, anyway.). I wonder when those flaws will ever be fixed?
The volunteer Mozilla Foundation has rolled out new versions to patch the holes, which range from a potential buffer overflow and temporary files disclosure to anti-spoofing issues.

The Mozilla Team also fixed a way of spoofing filenames in the "What should Firefox do with this file" dialog-box option.

Whaaaa? Why that sounds like the Mozilla errors are already fixed. That if I'm running the current version of Firefox, I don't actually need to do anything. My software is already secure.

I guess that's not really high-risk, except for those folks who are running 0.7.3. Heh. Suckers.

0 Comments:

Post a Comment

<< Home

Blogroll

Special Feeds

Fun with Google

Search Tools

Technorati

Google

3WN WWW

Prior posts

  • Desperation
  • The terrorists have already won
  • We know what you are, we're haggling about the pri...
  • Comments
  • Open Source Friday: (Obsolete) Mozilla and Firefox...
  • First thing we do is blame the lawyers for the Gre...
  • Still Not the Pottery Barn Rule
  • What a night at the political theater...
  • If you have to ask
  • Archives

    • Gone for now

    This page is powered by Blogger. Isn't yours? Site Meter Get Firefox!