Please report all spam threads, posts and suspicious members. We receive spam notifications and will take immediate action!
Results 1 to 10 of 10

Thread: Mozilla Security Issue Fixed




  1. #1
    Join Date
    Nov 2003
    Location
    Minnesota, United States
    Posts
    4,543

    Default Mozilla Security Issue Fixed

    From Mozilla.org:
    On July 7, a security vulnerability affecting browsers for the Windows operating system was posted to Full Disclosure, a public security mailing list. On the same day, the Mozilla security team confirmed the report of this security issue affecting the Mozilla Application Suite, Firefox, and Thunderbird and discussed and developed the fix at Bugzilla bug 250180. We have confirmed that the bug affects only users of Microsoft's Windows operating system. The issue does not affect Linux or Macintosh users.
    Install the patch and make sure it works here.

    *Considering the patch takes literally under a minute to implement, it only affects Windows (big suprise there) and it is still more secure than IE (even while unpatched), I'd say this doesn't affect the integrity of the browser. I could go on to mention that the patch was out the day the security hole was discovered, or that the entire browser takes less time (and space) to install than some IE patches, but I'll stop here. I should also mention I'm kind of late with this. :)

  2. #2
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    Default

    While I do not advocate Microsoft products, I believe you'll find that the main reason that Mozilla is "more secure" is because it is not as widely used as the MS product line. This same line of thinking came about for the Linux crowd and the trash talking began in earnest... until a group of hackers came along and created a few trojans and infections that affected Linux. Just the fact that a bug was created should be viewed as a wake up call to remind folks that even Mozilla can be attacked effectively.

    Again, I do not advocate MS in any sense of the imagination, but folks should be wary of any browser as it can be compromised. It is good, though, to see the Mozilla crew were ready to issue a patch rapidly. If the browser becomes more widely used and attacks continue, we'll see if they can keep up the good work ethics. I hope so.
    Old age and treachery will overcome youth and skill
    My Toys

  3. #3
    Join Date
    Nov 2003
    Location
    Minnesota, United States
    Posts
    4,543

    Default

    Actually the main reason Mozilla is more secure is the lack of ActiveX, although the recent MS patch in WU may have seriously degraded the risk from ActiveX.

    But when you look at it, the very design of Windows (in conjunction with IE) is full of security holes. While what is probably the most prominant problem for Windows (and IE) is the large array of spyware and viruses designed for it. If Linux were more popular, you would see those types of problems occuring (I'm talking about the kind of problem where a user willingly downloads something such as a virus out of ignorance that is somehow malicious). However, Windows (with IE) has serious design flaws that allow worms such as Blaster to be easily created. I sincerely doubt that coding of Linux kernels (or any forms of UNIX, for that matter) allow for nearly as many problem at that level. Even if Linux were more popular, I doubt there would be nearly has many worms and such that affected it. It's better by design in almost every way, and I doubt this is one of the exceptions (I'd say that award falls to ease-of-use).

    In any case, there's no doubt that Mozilla (and Linux, for that matter) is "more secure" than IE (and Windows), regardless of why.

  4. #4
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    Default

    I think you missed my point. There is no such thing as a secure OS any more than there is such a thing as a secure browser. MS products are so wide spread that they are natural targets for hackers and script kiddies. If Linux and Mozilla become the industry standard, you will see the same attacks on those pieces of software. If a man creates something, another can break it; that is simply a fact of life. While I won't deny that Linus has cleaner code, if it becomes a mainstay OS, it will be targeted.
    Old age and treachery will overcome youth and skill
    My Toys

  5. #5
    Join Date
    Nov 2003
    Location
    Minnesota, United States
    Posts
    4,543

    Default

    Certainly there is no such thing as a secure OS (or browser). However, by design IE and Windows simply have more security holes. There would be more security problems with Linux/Mozilla (and Macs, for that matter) if they were more commonly used, but the problems would never be as bad as it is with the whole MS line right now.
    That's all hypothetical anyway. Mozilla is the more secure choice between IE and Mozilla right now, even if it could have more security issues if it were more secure.

  6. #6
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    Default

    Quote Originally Posted by Yawgm0th
    Mozilla is the more secure choice between IE and Mozilla right now, even if it could have more security issues if it were more secure.
    Huh?

    Lets see ya say that fast three times.
    Old age and treachery will overcome youth and skill
    My Toys

  7. #7
    Join Date
    Feb 2003
    Location
    Fincastle, IN, USA
    Posts
    3,776

    Default

    Yet another drugout argument by Yawgm0th :p

    Yes Mozilla is more secure, but if it was widely used it wouldn't be.

  8. #8
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    Default

    At least SOMEBODY understood the point of my comments.
    Old age and treachery will overcome youth and skill
    My Toys

  9. #9
    Join Date
    Nov 2003
    Location
    Minnesota, United States
    Posts
    4,543

    Default

    Quote Originally Posted by Yawgm0th
    Mozilla is the more secure choice between IE and Mozilla right now, even if it could have more security issues if it were more secure.
    Hehe. Drunken posting when I'm not even drunk.


    However, if you actually read the understandable parts (where are those?) of my post it would be clear that I got you point. You're just not getting mine.

  10. #10
    Join Date
    Nov 2001
    Location
    The Land of OZ!
    Posts
    674

    Default

    Quote Originally Posted by Yawgm0th
    From Mozilla.org:
    On July 7, a security vulnerability affecting browsers for the Windows operating system was posted to Full Disclosure, a public security mailing list. On the same day, the Mozilla security team confirmed the report of this security issue affecting the Mozilla Application Suite, Firefox, and Thunderbird and discussed and developed the fix at Bugzilla bug 250180. We have confirmed that the bug affects only users of Microsoft's Windows operating system. The issue does not affect Linux or Macintosh users.
    Install the patch and make sure it works here.

    *Considering the patch takes literally under a minute to implement, it only affects Windows (big suprise there) and it is still more secure than IE (even while unpatched), I'd say this doesn't affect the integrity of the browser. I could go on to mention that the patch was out the day the security hole was discovered, or that the entire browser takes less time (and space) to install than some IE patches, but I'll stop here. I should also mention I'm kind of late with this. :)
    looks like they just removed the shell: protocol handler from mozilla to fix it.. Microsoft tried to do the same with the ADODB vulnerabilities in IE but wasn't as successful at removing that: http://support.microsoft.com/default.aspx?kbid=870669

    funny thing is how old ADODB vulnerabilities are: http://seclists.org/lists/fulldisclo.../Aug/1703.html yes thats august 2003

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •