|
-
March 23rd, 2005, 11:39 PM
#1
 Mozilla and Firefox GIF Image Overflow Vuln Announced 3/23/05!
Crap, more and more are picking apart Mozilla - my favorite browser. Well at least they are getting discovered so we are aware of the issues and are getting fixed.
I'm concerned as to how easily exploitable is this seeing how it could be very pervasive and spreadable (re.; via ad banners for example, or small invisible GIFs in emails). 
Details....
-
March 23rd, 2005, 11:52 PM
#2
<rant-on>
Sigh. I just updated both Firefox and Thunderbird. Why on earth can the program not ask if you want to remove the old version before updating/installing?! I don't need freakin' 6 installations of various versions! And by removing the old version the new version was removed so I had to re-install the new version.
<rant-off>
-
March 24th, 2005, 12:04 AM
#3
in the context of the user running the application
ACK! <----- Bill the cat impersonation.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
March 24th, 2005, 12:09 AM
#4
It is my favorite browser too. It is still nice that vulnerabilities are exposed and patched... this is the most important thing... Things could have been worst if no security responces were in place...
This problem is basically very simillar to an relatively old IE vulnerability... This shoratge has been exploited to excute arbitrary code and DoS attackes..
BTW, I could not know what an Arbitrary code is??
Cheers
\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
-
March 24th, 2005, 12:12 AM
#5
MSM, Firefox seems to work fantasitc when upgraded from within the browser, using Tools/Options.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
March 24th, 2005, 12:14 AM
#6
I actually had clicked on their update icon on the browser (rather than going through Tools/Options). It was a red upwards arrow at the top right. Why should there be a difference? Wouldn't it be using the same thing?
-
March 24th, 2005, 12:17 AM
#7
Well considering I JUST updated it via the Tools menu then restarted FireFox and I still get the red ICON I woould say... hmmm?
Closing browser and investigating. See ya in a bit.
/EDIT. Must be some issue with the flag. I still got the Arrow but when I clicked it there was no update available after the software accessed firefox update. I chose custom and accepted the recorded defaults. Perhaps if you choose the other option it installs a new copy? Many open source products use the latest build as the directory name and you end up having to change the name to a generic one or choosing custom name the first time otherwise you get /Program1 then /program2 etc. Beats me, though just guessing. 
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
March 24th, 2005, 12:26 AM
#8
Yes, RoadClosed...investigate ! I just downloaded off their site but haven't uploaded it yet...tell me if it makes a difference, inquiring minds want to know!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
