Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: incrediBILL
SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"
From the 2nd link above - the ZDNet article:
One reader even took issue with the claim that Firefox is inherently more secure than IE. "Firefox may offer some 'security through obscurity', but once it gets to any sort of critical mass then it will be targeted. Since the hackers have the source code their lives will be that much easier, and when a patched version is released it will be easy for them to see where the vulnerability is and target older versions," said one London-based IT worker.
I've heard this argument before - in this very forum. It sounds right, on the surface, but I don't think it is. Time will tell, of course, but the kinds of liabilities IE has given us, where just visiting a web page downloads a worm and so on, are not likely to be found in Moz/Firerox.
Of necessity any non-MS browser is not so tightly tied to the operating system the way IE is - and that "integration" is the source of many vulnerabilities. So while it is true that a higher market share will bring more attempted exploits, I still doubt we'll see the same severity of security problems that have plagued Internet Explorer.
So, here's where it gets interesting to me. Whatever I read, I like to look under the surface a bit for the hidden motivation, the roots.
I'm hoping this forum can be a place where do exactly that, and sort out the spin for what it is - wherever it originates.
These two new ones aren't exactly critical vulnerabilities either...
Hackers don't need access to the source code to exploit vulnerabilities (if they did IE would be totally safe) so the argument that this makes Firefox weaker than IE is completely false.
Totally agreed. After all, Apache seem to be doing quite nicely.
Once the browser reads the redirect, there is no way to load the old page, even if the redirect instruction is no longer there on the server.
If you are testing htaccess files it can be a nightmare!
Maybe some other user could corroborate this problem in another platform.