Security hole found in Mozilla browser
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Security hole found in Mozilla browser

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Security hole found in Mozilla browser

    Developers at the open-source Mozilla Foundation have confirmed that the latest version of their Web browsers have a security flaw that could theoretically allow attackers to crash computers or launch unauthorized programs.
    The flaw was publicized Wednesday on a security mailing list, along with a link to a fix for the problem . Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released.

    Developers said the flaw affected only Windows users, not computers running either the Macintosh or Linux operating systems

    ...

    Mozilla developers said that future versions of the Firefox Web browser would have automatic update notifications that would make it easier to notify users about security fixes.
    Source : http://zdnet.com.com/2100-1105_2-5262676.html
    Patch : http://www.mozilla.org/security/shell.html
    -Simon \"SDK\"

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Well that was a quick and painless patch. Thank God for open source. MSFT still hasn't fixed a couple of known 'sploits in IE.

  3. #3
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Originally posted here by thread_killer
    hank God for open source.
    You said it. Had a discussion at work with the sysadmin today about how Opensource focuses on quality because it doesn't have the desire to make money get in the way and have them rush the product. It's really made me consider using Linux. I think I'd just go ahead and do it if I didn't game. Wish they made more games for Linux.

    Regards,
    Xierox

    /edit - "Linux" not "Llinux".
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #4
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Would this mean that coding for windows can bring programming flaws because of how certain routines are handled? I'm only wondering in general, since we seem to have a plethora of exploits for win-based software, and nearly not as many for lin. [although Gates said otherwise].

    Or is it simply that more exploits are found because windows is a more widespread system? I know it's a bit off-topic. [or a byte, if you will]
    /\\

  5. #5
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Yeah, when you have OpenSource project's that are distributed to the public, it's people like security guru's that can help to fix a problem or patch a flaw. Therefore patches come easier and problem's/exploit's solved quicker.
    Space For Rent.. =]

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    I couldn't agree more I have always thought that opensource was better for those reasons. I am just waiting and hopeing for Linux to turn into an industry standard so my users can abandon their Windows machines and load up some free software! Also in doing this I would be able to study the Linux Kernel more (while at work) and people wouldn't bother me.

    - MilitantEidolon
    Yeah thats right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  7. #7
    Junior Member
    Join Date
    Jul 2004
    Posts
    1
    I don't think things are this easy.

    I think microsoft is the target for so much exploits for many reasons. One of those reasons is (indeed) the widespread system. Another reason is the (absence of) knowledge of most of its users. Windows is a very easy to use OS. Even a nitwit can use it. But they don't know when anything goes wrong. A third (but by for not the last) reason is indeed the big dollar industry behind windows.

    Because linux is opensource and free, it's less a target to attacks. There are exploits in the OS, but they are fixed rather fast. Why?? - not because of the guru's but because of the open-source spirit. If Microsoft had to pay the same amount of people that are now working together on the dev of Linux, they would be bankrupt.

  8. #8
    One of those reasons is (indeed) the widespread system.
    snatched from a post I made previously
    This is a popular myth not only amoung browsers but also Operating Systems. People believe that popularity == amount of exploitation But you have to remember that even if IE is more popular, thousands upon thousands of eyes look over Mozilla and other open source projects each and every day. This doesn't just mean that the source code is in danger because of how popular it is to the linux crowd, but also that even if IE is popular on a more roundabout percentage, the smarter and brighter people of the computer world are going to be in Linux and using Open Source web browsers (on a percentage basis) but yet their code still remains more secure overall than IE. The smarter people with the power to exploit the code, choose not too.

    So, it doesn't come down to popularity, or else Gnome and KDE would be riddled with holes. It comes down to how well a program is exploited. According to the way IE was coded, it is -very- easily exploited and thus why the attraction to continue exploiting it. Mozilla and Firefox, etc etc, have a history of being rock solid in terms of security and thus the less appeal to exploiting it (even though the source is secured by hand each day).


    Because linux is opensource and free, it's less a target to attacks.
    Some of the most secure computer programming utilities are closed source and not free:

    http://www.pgp.com/ - They started pgp, which inspired gnugp.
    http://wwws.sun.com/software/solaris/ - Quite possibly the most secure OS to ever have seen the face of networking (according to statistics of %of breakins per OS).
    http://www.kerio.com/kwf_home.html - One of the most indepth and configurable firewalls I've ever seen. With it's list of exploits being so few that it's #1 on vunerability security.
    http://www.cisco.com/ - Some of the most reobust chipset and management software avaliable for hardware firewalls and server systems.


    Closed source and free != better or more secure. It always comes down to the programers and their ethics on programming correctly and securley.

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Ahem... depending to what extent you use Solaris... because I have a very legal download of Solaris 9, 3 CDs.
    /\\

  10. #10
    Banned
    Join Date
    Jul 2003
    Posts
    374
    Some more info here




    Damn dialup, me waits for nearly 2 hours to download Mozilla 1.7.1

    Using it now and i must say that it's a nice change from IE, i like the
    extra popup windows warning of sending unencrypted info over the net,
    i will mess around with it to see if any issues come up, and if not adios m$ IE.....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •