homepage Welcome to WebmasterWorld Guest from 184.72.69.79
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

This 37 message thread spans 2 pages: < < 37 ( 1 [2]     
Update for Windows Mozilla/Firefox
Firefox 0.9.2 and Mozilla 1.7.1 and the shell: protocol
encyclo




msg:1589198
 11:36 pm on Jul 8, 2004 (gmt 0)

A little oops from the Mozilla team which shows that even the best browsers can have bugs! The bug fix is needed because links in web pages can execute arbitrary commands on computers running Windows 2000 or XP. Here's the full details:

[mozilla.org...]

You can download the patched versions from [mozilla.org...]

<added>Just noticed, the problem also affects Thunderbird, which has a new version 0.7.2.</added>

 

Dudermont




msg:1589228
 7:01 pm on Jul 13, 2004 (gmt 0)

Well whatever anyone says, this bug just goes to show you how much faster and more security oriented mozilla is then microsoft.

As someone pointed out above but no one seemed to notice was.

Maybe it's just me, but my fully patched win2k and IE6 still open shell: links.

And I have a fully patched winXP pro and home with IE6 that still opens them.

Microsoft didn't think it was worth fixing so why would another browser designed to work with windows think that it was a big deal?

Anyways relating to this "bug" mozilla was at no point behind microsoft in security.

[sarcasm]Way to drop the ball mozilla[/sarcasm]

john_k




msg:1589229
 7:08 pm on Jul 13, 2004 (gmt 0)

Anyways relating to this "bug" mozilla was at no point behind microsoft in security.

My point was that there is no reason to feel smug about fixing something that was hanging out there for almost two years. Just fix it and move on. There will be other opportunities to take pot shots and point fingers.

Hester




msg:1589230
 9:01 am on Jul 14, 2004 (gmt 0)

They were/are developing an application to work within the context of a specific OS.

But Mozilla is multi-platform. It isn't Windows-only.

john_k




msg:1589231
 12:18 pm on Jul 14, 2004 (gmt 0)

But Mozilla is multi-platform. It isn't Windows-only.

But the version that runs on Windows is for Windows.

I'm not here to defend Microsoft. I just thought it should be pointed out that they are not the only ones that have put things off because immediate action wasn't convenient.

Yes, I think it is great that Mozilla has been modified to account for a security hole in the OS. But they should have done it when they encountered it in 2002.

There are other areas of the Mozilla effort that deserve attention as being superior to MS. There isn't any reason to manufacture attention by saying they fixed something within 24 hours of finding the problem when it is blatantly not the case.

encyclo




msg:1589232
 1:04 pm on Jul 14, 2004 (gmt 0)

john_k, as I mentioned in message #17 of this thread, I agree that the Mozilla team should have dealt with this issue earlier. The vulnerability is most definitely in Microsoft's code, but there needs to be a greater sense of responsibility from the part of third-party developers to mitigate any potential security issues in the supported OS, and try to ensure that their product is not a vector for exploiting a weakness in the underlying OS code.

On a different note, I've not seen anywhere any mention of Netscape shipping an updated version of Netscape 7.1, which is also vulnerable to this problem. There is also no mention of this problem on Netscape's website or on their "Browser Central" page. It looks to be a final confirmation that Netscape is dead as a browser company - anyone still using Netscape products should move over to the supported Mozilla equivalent immediately. Sadly, the K-Meleon project (also based on Mozilla) also does not seem to be offering advice or a fix either.

Of course, there is another browser which remains vulnerable to the shell: exploitation - Internet Explorer.

Farix




msg:1589233
 8:30 pm on Jul 15, 2004 (gmt 0)

Microsoft had finally gotten around to patching the problem on the OS, rendering the Mozilla "problem" and patch moot. But I have this nagging felling that the only reason that MS patch the problem was because Mozilla's workaround made the real security hole all too public.

bird




msg:1589234
 8:40 pm on Jul 15, 2004 (gmt 0)

If this is a bug with the OS, does this mean that every browser is vulnerable then?

not only browsers [infoworld.com].

Interestingly, Microsoft has released a patch [microsoft.com] roughly one week after the Mozilla project released theirs. Sometimes a little publicity can do wonders even in Redmond... ;)

This 37 message thread spans 2 pages: < < 37 ( 1 [2]
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved