July 9th, 2004, 02:37 AM
Security hole found in Mozilla browser
Source : http://zdnet.com.com/2100-1105_2-5262676.html
Developers at the open-source Mozilla Foundation have confirmed that the latest versions of their Web browsers have a security flaw that could theoretically allow attackers to crash computers or launch unauthorized programs.
The flaw was publicized Wednesday on a security mailing list, along with a link to a fix for the problem. Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released.
Developers said the flaw affected only Windows users, not computers running either the Macintosh or Linux operating systems.
Mozilla developers said that future versions of the Firefox Web browser would have automatic update notifications that would make it easier to notify users about security fixes.
Patch : http://www.mozilla.org/security/shell.html
July 9th, 2004, 02:55 AM
Well that was a quick and painless patch. Thank God for open source. MSFT still hasn't fixed a couple of known 'sploits in IE.
July 9th, 2004, 07:25 AM
You said it. Had a discussion at work with the sysadmin today about how open source focuses on quality because it doesn't have the desire to make money get in the way and have them rush the product. It's really made me consider using Linux. I think I'd just go ahead and do it if I didn't game. Wish they made more games for Linux.
Originally posted here by thread_killer
Thank God for open source.
/edit - "Linux" not "Llinux".
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
July 9th, 2004, 06:25 PM
Would this mean that coding for windows can bring programming flaws because of how certain routines are handled? I'm only wondering in general, since we seem to have a plethora of exploits for win-based software, and not nearly as many for lin. [although Gates said otherwise].
Or is it simply that more exploits are found because windows is a more widespread system? I know it's a bit off-topic. [or a byte, if you will]
July 9th, 2004, 06:51 PM
Yeah, when you have open source projects that are distributed to the public, it's people like security gurus that can help to fix a problem or patch a flaw. Therefore patches come easier and problems/exploits are solved quicker.
July 9th, 2004, 07:54 PM
I couldn't agree more. I have always thought that open source was better for those reasons. I am just waiting and hoping for Linux to turn into an industry standard so my users can abandon their Windows machines and load up some free software! Also in doing this I would be able to study the Linux kernel more (while at work) and people wouldn't bother me.
Yeah that's right........I said it!
Ultimately everyone will have their own opinion--this is mine.
July 9th, 2004, 08:09 PM
I don't think things are this easy.
I think Microsoft is the target for so many exploits for many reasons. One of those reasons is (indeed) the widespread system. Another reason is the (absence of) knowledge of most of its users. Windows is a very easy to use OS. Even a nitwit can use it. But they don't know when anything goes wrong. A third (but by far not the last) reason is indeed the big dollar industry behind Windows.
Because Linux is open source and free, it's less a target to attacks. There are exploits in the OS, but they are fixed rather fast. Why?? - not because of the gurus but because of the open-source spirit. If Microsoft had to pay the same amount of people that are now working together on the dev of Linux, they would be bankrupt.
July 9th, 2004, 09:01 PM
snatched from a post I made previously
One of those reasons is (indeed) the widespread system.
This is a popular myth not only among browsers but also Operating Systems. People believe that popularity == amount of exploitation. But you have to remember that even if IE is more popular, thousands upon thousands of eyes look over Mozilla and other open source projects each and every day. This doesn't just mean that the source code is in danger because of how popular it is to the Linux crowd, but also that even if IE is popular on a more roundabout percentage, the smarter and brighter people of the computer world are going to be in Linux and using Open Source web browsers (on a percentage basis) but yet their code still remains more secure overall than IE. The smarter people with the power to exploit the code choose not to.
So, it doesn't come down to popularity, or else Gnome and KDE would be riddled with holes. It comes down to how well a program is exploited. According to the way IE was coded, it is -very- easily exploited and thus why the attraction to continue exploiting it. Mozilla and Firefox, etc etc, have a history of being rock solid in terms of security and thus the less appeal to exploiting it (even though the source is secured by hand each day).
Some of the most secure computer programming utilities are closed source and not free:
Because linux is opensource and free, it's less a target to attacks.
http://www.pgp.com/ - They started PGP, which inspired GnuPG.
http://wwws.sun.com/software/solaris/ - Quite possibly the most secure OS to ever have seen the face of networking (according to statistics of % of break-ins per OS).
http://www.kerio.com/kwf_home.html - One of the most in-depth and configurable firewalls I've ever seen. With its list of exploits being so few that it's #1 on vulnerability security.
http://www.cisco.com/ - Some of the most robust chipset and management software available for hardware firewalls and server systems.
Closed source and free != better or more secure. It always comes down to the programmers and their ethics on programming correctly and securely.
July 9th, 2004, 09:33 PM
Ahem... depending to what extent you use Solaris... because I have a very legal download of Solaris 9, 3 CDs.
July 9th, 2004, 11:44 PM
Some more info here
Damn dialup, me waits for nearly 2 hours to download Mozilla 1.7.1
Using it now and I must say that it's a nice change from IE, I like the
extra popup windows warning of sending unencrypted info over the net,
I will mess around with it to see if any issues come up, and if not adios m$ IE.....