I didn't see this posted anywhere, but How to attack firefox code has been posted on the net. Firefox has a patch available, but Netscape which is based on firefox hasn't.
Printable View
I didn't see this posted anywhere, but How to attack firefox code has been posted on the net. Firefox has a patch available, but Netscape which is based on firefox hasn't.
I thought Firefox was based on Netscape and not the other way around? And Mozilla must be included somewhere in this all too. :)
The latest version of netscape is built on java, not the mozilla engine like it used to... and is capable of emulating both Firefox engine, and IE6 engine. You can pick which engine to use from within the browser.
Is anyone else wondering how this flaw with different charactars being allowed, lets people run arbitrary code? So far I havent found anything technical, only news articals like this one.Quote:
The flaw lies in the way the browsers handle International Domain Names, which are web addresses that use international characters [/B]
I am interested in the other firefox flaw: allowing a buffer-overrun to happen when a long url is passed to firefox using the shell. I read when you using evolution email program that includes an url to pop open a firefox session, a long url can trick firefox to crash. Is this the exploit everyone is talking about? When I first read the article, I remembered the Unicode exploit Microsoft browsers had in the past. History repeating itself. Mozilla is just like President Bush....I will take you to war but don't blame me for crap, never ever.