Mozilla and Firefox flaws exposed

**Robert** · January 8, 2005

Mozilla and Firefox users were warned of a number of potentially troublesome security vulnerabilities this week.

The most serious flaw involves a buffer overflow bug in the way Mozilla processes the NNTP (news) protocol. The bug creates a means for hackers inject hostile code into vulnerable systems, providing they trick users into executing maliciously constructed news server links. All versions of Mozilla prior to 1.7.5 are affected. Firefox users are advised to make sure they are running version 1.0 to minimise any risk. The flaw was discovered by Maurycy Prodeus of Polish firm iSEC Security Research.

Next up, Secunia has discovered a flaw that creates a means to spoof the source displayed in the Firefox's download dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected, Secunia warns. It advises Firefox users to avoid download links from untrusted sources pending the availability of patches from the Mozilla project.

Finally, there's a less serious problem affecting Firefox and its email client Thunderbird. Security researchers have found that temporary files are stored by the popular packages in a format that makes it possible for snoops to read the content of downloads and attachments of other users on the same machine.

An overview of these flaws and suggested workarounds can be found here

NeuronMaster · January 8, 2005

Thanks for the news, I appreciate it.

Samurai Edge · January 8, 2005

Well. I think IE is still better. The only IE flaw I encounter is that I CAN'T SAVE MY SCORES IN THE 1EMU ARCADE!!!

**Agozer** · January 8, 2005

Well. I think IE is still better. The only IE flaw I encounter is that I CAN'T SAVE MY SCORES IN THE 1EMU ARCADE!!!

Kill the heathen. Now. Seriously, why do you think that?

taratata · January 8, 2005

Well. I think IE is still better. The only IE flaw I encounter is that I CAN'T SAVE MY SCORES IN THE 1EMU ARCADE!!!
<{POST_SNAPBACK}>

If that was the only flaw, you could call Schwartznegger "princess".

**Robert** · January 8, 2005

Well. I think IE is still better. The only IE flaw I encounter is that I CAN'T SAVE MY SCORES IN THE 1EMU ARCADE!!!

I have no problem with that. Any game in particular?

**Sybarite Paladin AxL** · January 8, 2005

my downloads flock up with firefox almost all the time, they finish when they aren't suppose to....

**Agozer** · January 8, 2005

my downloads flock up with firefox almost all the time, they finish when they aren't suppose to....

Rarely happens to me, but I do get timeouts, thanks to borked servers.

ForceX · January 8, 2005

You have to be a fool to believe that IE is more secure than Firefox. Everyone knows IE is riddled with flaws, which can be quite easily exploited.

Although, Firefox has some flaws it is much better and secure than IE.

**Gryph** · January 8, 2005

And fixes for these exploits will probably be out soon.

Sign In

Mozilla and Firefox flaws exposed

Recommended Posts

Robert

Link to comment

Share on other sites

NeuronMaster

Link to comment

Share on other sites

Samurai Edge

Link to comment

Share on other sites

Agozer

Link to comment

Share on other sites

taratata

Link to comment

Share on other sites

Robert

Link to comment

Share on other sites

Sybarite Paladin AxL

Link to comment

Share on other sites

Agozer

Link to comment

Share on other sites

ForceX

Link to comment

Share on other sites

Gryph

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity