A little oops from the Mozilla team which shows that even the best browsers can have bugs! The bug fix is needed because links in web pages can execute arbitrary commands on computers running Windows 2000 or XP. Here are the full details:
Anyways, relating to this "bug", Mozilla was at no point behind Microsoft in security.
My point was that there is no reason to feel smug about fixing something that was hanging out there for almost two years. Just fix it and move on. There will be other opportunities to take pot shots and point fingers.
But Mozilla is multi-platform. It isn't Windows-only.
But the version that runs on Windows is for Windows.
I'm not here to defend Microsoft. I just thought it should be pointed out that they are not the only ones that have put things off because immediate action wasn't convenient.
Yes, I think it is great that Mozilla has been modified to account for a security hole in the OS. But they should have done it when they encountered it in 2002.
There are other areas of the Mozilla effort that deserve attention as being superior to MS. There isn't any reason to manufacture attention by saying they fixed something within 24 hours of finding the problem when it is blatantly not the case.
john_k, as I mentioned in message #17 of this thread, I agree that the Mozilla team should have dealt with this issue earlier. The vulnerability is most definitely in Microsoft's code, but there needs to be a greater sense of responsibility from the part of third-party developers to mitigate any potential security issues in the supported OS, and try to ensure that their product is not a vector for exploiting a weakness in the underlying OS code.
On a different note, I've not seen anywhere any mention of Netscape shipping an updated version of Netscape 7.1, which is also vulnerable to this problem. There is also no mention of this problem on Netscape's website or on their "Browser Central" page. It looks to be a final confirmation that Netscape is dead as a browser company - anyone still using Netscape products should move over to the supported Mozilla equivalent immediately. Sadly, the K-Meleon project (also based on Mozilla) also does not seem to be offering advice or a fix either.
Of course, there is another browser which remains vulnerable to the shell: exploitation - Internet Explorer.
Microsoft had finally gotten around to patching the problem on the OS, rendering the Mozilla "problem" and patch moot. But I have this nagging feeling that the only reason that MS patched the problem was because Mozilla's workaround made the real security hole all too public.