User Tag List

Informational! Informational!:  0
Likes Likes:  0
Results 1 to 5 of 5

Thread: More flaws in mozilla

  1. #1

    Join Date
    Sep 2002
    Location
    Central Coast of California
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Post

    Here is (One of, not the one with the code ITSELF,) the quote that a few people asked me for earlyer...

    Quote Originally Posted by [b
    Quote[/b] (More flaws in Mozilla Netscape @ http://informationsecurity.techtarge...?Offer=SEint94 )]
    Mozilla users are advised to visit Http://www.Mozilla.org and download the latest version of the browser to fix a vulnerability an attacker could use to execute arbitrary code. Reston, Va.-based antivirus firm iDefense said in an advisory that improper input validation to the SOAPParameter object constructor in Netscape and Mozilla allows execution of arbitrary code. "The SOAPParameter object's constructor contains an integer overflow which allows controllable heap corruption," the advisory said. "A Web page could be constructed to leverage this into remote execution of arbitrary code." Netscape 7.0 and 7.1 have been confirmed to be vulnerable. Mozilla 1.6 is also vulnerable, and iDefense suspects earlier versions of both browsers may also be vulnerable. "Netscape 7.1 is the latest version of Netscape available. Netscape has not released any information indicating they are intending to release future versions of the Netscape browser, and no longer have any developers working on this project," the advisory said. The latest release of the Mozilla browser is not affected by this vulnerability. The company said users could also disable Javascript in the browser as a workaround.
    Told ya the old Mozilla DID have flaws [img]http://www.**********.com/iB_html/non-cgi/emoticons/new/smile.gif[/img] (Yes, I DID mix Gozilla up with Mozilla, but I DID remember using the old browser (But again, mixed it up with Gozilla) and having problems... and someone questioned me about it in the topic... So here ya go [img]http://www.**********.com/iB_html/non-cgi/emoticons/new/smile.gif[/img] Posted this to clear up some earlier confusion

  2. #2
    O:-) trashcan's Avatar
    Join Date
    Sep 2001
    Location
    BFE
    Posts
    1,119
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No one said Mozilla did not have a flaws. You said it had spyware, which was incorrect and you apologized for saying so.

    There is a flaw in the new versions of Mozilla (and derivatives). No way to tell if that's what you're talking about since you posted a link to a site that requires subsriptions. There is already a patch out to fix this problem. If you'd like to read interesting articles about browser security, how about this one:
    "The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser."

  3. #3

    Join Date
    Sep 2002
    Location
    Central Coast of California
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Post

    Doh... Well not in a post, but I did to someone in a PM [img]http://www.**********.com/iB_html/non-cgi/emoticons/new/smilie4.gif[/img]

    Ok I'm lost now [img]http://www.**********.com/iB_html/non-cgi/emoticons/new/confused.gif[/img]

    I'll take a look at that warning about IE site... But I didn't say anything about it not having flaws or spyware...

  4. #4
    drosera guy
    Join Date
    Apr 2003
    Location
    Düsseldorf, Germany
    Posts
    310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why are you attacking Mozilla all the time? The makers deserve support! In IE most vulnerabilities are well known until they get patched months later. There are still several known security holes in IE every hacker could use to run code on your machine. If the Mozilla Foundation gets to know a bug in their code they fix it at once and warn everyone. And thats the difference which really counts. Microsoft uses the old "security through obscurity" method which cannot work if there are people outside in the web who know the attack points.

    Because of that the CERTs of the USA, most European countries and more countries througout the world say that it is a good idea to leave IE behind and change to Mozilla or Opera.

    BTW: No software product in that complexity can be flawless! Some are coded in a safer way, some have bigger holes (IE). But the important thing is the way to deal with those security risks.

    Jan

    P.S. Opera is not open source but very good, too. Mozilla is a bit more secure because everyone can check the sources.

  5. #5

    Join Date
    Sep 2002
    Location
    Central Coast of California
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I do not feel like arguing right now, i am just posting somethign SOMEONE ASKED ME FOR. right now, i could blow through the roof on other... matters... so ill dismiss this, for now.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •