Three Way News

Your Source. For everything. Really.

Friday, January 07, 2005

Open Source Friday: (Obsolete) Mozilla and Firefox Vulnerabilities Identified

Posted by: Hammer / 11:05 AM

Yahoo! News:
Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.

An attacker could exploit the bug by creating an overly-long "news://" link, distributed in an e-mail or on a Web page, and enticing a user to click on it. Such methods have been successfully used to spread worms. Mozilla version 1.7.5 fixes the problem. Independent security research firm Secunia gave the bug a "highly critical" rating.

Firefox and Thunderbird are affected by less serious problems. The first is a vulnerability in the way they store temporary files--the files are sometimes stored with predictable names and in a format that allows anyone to read them. This means a local attacker could easily read the contents of another user's attachments or downloads, according to researchers.

Finally, a Secunia researcher discovered a way of spoofing the names of file downloads in Firefox. A malicious site could use the bug to disguise the true nature of files the user is downloading, or to get information on the presence of specific files on the local system.

These bugs are all fixed in Firefox 1.0 and newer, as well as Thunderbird 0.9 and newer.

Mozilla 1.7.5 was released a month ago. Firefox 1.0 was released November 9, 2004. Thunderbird 0.9 was released on November 3. Yup. This news story reports critical software vulnerabilities that were fixed months ago.

Meanwhile, the same company reports existing security flaws in IE. Not all of the 5 Firefox vulnerabilities have been corrected, but I'll take those 5 minor issues over the 75 existing IE 6 vulnerabilities dating back to March 13, 2003.
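The temporary-file problem described in the quoted report (predictable names, readable by anyone), shown beside a hardened form and a simple audit check. This is an added example, not part of the original post and not Mozilla's code; the function names, the `dl-` prefix and the sample file name are assumptions made for illustration, and it assumes a POSIX system.

```python
import os
import stat
import tempfile


def save_insecure(directory, name, data):
    """The flawed pattern: guessable name, readable by every local account."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # group and others can read the contents
    return path


def save_hardened(directory, data):
    """Random name, created atomically (O_EXCL) with owner-only mode 0600."""
    fd, path = tempfile.mkstemp(prefix="dl-", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def audit(directory):
    """Return names of regular files that group or other users can read."""
    exposed = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        readable = st.st_mode & (stat.S_IRGRP | stat.S_IROTH)
        if stat.S_ISREG(st.st_mode) and readable:
            exposed.append(entry.name)
    return sorted(exposed)


def demo():
    """Write one file each way into a scratch directory, then audit it."""
    with tempfile.TemporaryDirectory() as scratch:
        sample = b"constructed sample attachment"  # constructed test data
        weak = save_insecure(scratch, "attachment-1.tmp", sample)
        strong = save_hardened(scratch, sample)
        return os.path.basename(weak), os.path.basename(strong), audit(scratch)


if __name__ == "__main__":
    weak, strong, exposed = demo()
    print("insecure file:", weak)
    print("hardened file:", strong)
    print("flagged by audit:", exposed)
```

Only the file written with the fixed name and mode 0644 is flagged; the `mkstemp` file has an unpredictable suffix and is readable by its owner alone.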

1 Comments:

Here's the new comment system.

By Blogger Hammer, at 11:07 AM  
