homepage Welcome to WebmasterWorld Guest from 54.204.68.109
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
Mozilla and Firefox flaws exposed
Imaster




msg:1588062
 7:32 pm on Jan 7, 2005 (gmt 0)

SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"

For more, read
- Mozilla and Firefox flaws exposed [theregister.co.uk]
- Firefox flaw sparks a fiery debate [news.zdnet.co.uk]

 

tedster




msg:1588063
 8:51 pm on Jan 7, 2005 (gmt 0)

Thanks Imaster. It comes as no surprise that there are vulnerabilities (any browser IS software, after all) and I'm glad they're being uncovered. And given the Moz developers' track record, they'll be patched in short order, I hope.

From the 2nd link above - the ZDNet article:
One reader even took issue with the claim that Firefox is inherently more secure than IE. "Firefox may offer some 'security through obscurity', but once it gets to any sort of critical mass then it will be targeted. Since the hackers have the source code their lives will be that much easier, and when a patched version is released it will be easy for them to see where the vulnerability is and target older versions," said one London-based IT worker.

I've heard this argument before - in this very forum. It sounds right, on the surface, but I don't think it is. Time will tell, of course, but the kinds of liabilities IE has given us, where just visiting a web page downloads a worm and so on, are not likely to be found in Moz/Firerox.

Of necessity any non-MS browser is not so tightly tied to the operating system the way IE is - and that "integration" is the source of many vulnerabilities. So while it is true that a higher market share will bring more attempted exploits, I still doubt we'll see the same severity of security problems that have plagued Internet Explorer.

physics




msg:1588064
 9:02 pm on Jan 7, 2005 (gmt 0)

Hackers don't need access to the source code to exploit vulnerabilities (if they did IE would be totally safe) so the argument that this makes Firefox weaker than IE is completely false.

gdrumm




msg:1588065
 9:13 pm on Jan 7, 2005 (gmt 0)

I've used FireFox exclusively for the past few months and I love it. I've only had a couple of sites that won't work because of it, but other than that it's great!

With regards to hackers, whadaya gonna do? No browser is gonna stop 100% of it.

justgowithit




msg:1588066
 9:15 pm on Jan 7, 2005 (gmt 0)

Moz and FF will start getting some heat as they gain popularity and will understand first hand what IE has had to endure all these years.

The true test of quality will be the speed at which a problem is recognized and corrected.

tedster




msg:1588067
 9:42 pm on Jan 7, 2005 (gmt 0)

Also a factor in market success - which organization is better at spin and playing the media. Here's where mediocre products can still previal despite the fact that there are better alternatives. We've seen it over and over, in technology and elsewhere in the market.

So, here's where it gets interesting to me. Whatever I read, I like to look under the surface a bit for the hidden motivation, the roots.

I'm hoping this forum can be a place where do exactly that, and sort out the spin for what it is - wherever it originates.

bryholmsen




msg:1588068
 9:45 pm on Jan 7, 2005 (gmt 0)

justgowithit, there have been security holes in Mozilla/FF in the past, so it's not like no one has been looking for them before. How secure a browser is doesn't depend on how widely used it is. And with the $500 bounty on security flaws found in Mozilla, I'm sure more people than ever before are trying to find new ways to compromize Firefox. Money is always a nice incentive.

These two new ones aren't exactly critical vulnerabilities either...

paybacksa




msg:1588069
 2:09 am on Jan 8, 2005 (gmt 0)

every serious coder I know is willing to go to great lengths for the $500 *and* the claim of having submitted/been-paid for a Mozilla bug. It's a nice bounty.

Namaste




msg:1588070
 3:58 pm on Jan 8, 2005 (gmt 0)

but these are both bugs from older versions. They were removed by Mozilla themselves.

Mozilla, should add an "auto-update" feature to their browsers that automatically update to the latest versions.

tenerifejim




msg:1588071
 5:59 pm on Jan 8, 2005 (gmt 0)

Hackers don't need access to the source code to exploit vulnerabilities (if they did IE would be totally safe) so the argument that this makes Firefox weaker than IE is completely false.

Totally agreed. After all, Apache seem to be doing quite nicely.

RammsteinNicCage




msg:1588072
 2:52 am on Jan 9, 2005 (gmt 0)

They don't NEED the source code, but wouldn't having it make it easier - assuming you know how to read it, of course?

Jennifer

paulroberts3000




msg:1588073
 2:25 pm on Jan 9, 2005 (gmt 0)

Mozilla, should add an "auto-update" feature to their browsers that automatically update to the latest versions.

This is already there in firefox 1.0

Kukenan




msg:1588074
 9:19 pm on Jan 11, 2005 (gmt 0)

I dont know wether this is related to this thread but Firefox (Mac OSX version) seems to have a bug regarding 301 redirects.

Once the browser reads the redirect, there is no way to load the old page, even if the redirect instruction is no longer there on the server.

If you are testing htaccess files it can be a nightmare!

Maybe some other user could corroborate this problem in another platform.

kaled




msg:1588075
 12:18 am on Jan 12, 2005 (gmt 0)

If I understand you correctly, clearing the cache would probably work.

Kaled.

Kukenan




msg:1588076
 3:15 pm on Jan 12, 2005 (gmt 0)

It does! What a fool I am.

However, perhaps a simple reload should be enough for this..?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved