Wednesday, July 25th 2007

Mozilla Admits Firefox Exploit Caused By Firefox

by
HellasVagabond
 Discuss (11 Comments)
Mozilla Admits Firefox Exploit Caused By IE

Almost three weeks ago Mozilla developers issued a statement indicating that the whole Firefox-Internet Explorer exploit was caused by Internet Explorer which could trick Firefox into executing arbitrary JavaScript code. This morning, Mozilla security chief Window Snyder had to issue a retraction stating Firefox could just as easily trick Firefox into doing the same thing.

On July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application receiving the bad data. Over the weekend, we learned about a new scenario that identifies ways that Firefox could also be used as the entry point. While browsing with Firefox, a specially crafted URL could potentially be used to send bad data to another application. We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well. We should have caught this scenario when we fixed the related problem in 2.0.0.5. We believe that defense in depth is the best way to protect people, so we're investigating it now. We are working to make sure that we are giving you as much information about pressing security issues as possible. We make real-time updates as we find out new information because we are committed to an open and transparent security process.
Source: Mozilla

Related News

Add your own comment

11 Comments on Mozilla Admits Firefox Exploit Caused By Firefox

#1
ChaoticBlankness
Oh well, they're quick to fix it and Firefox has always been a solid alternative to Internet Exploder.. err... Explorer. *cough* I have no grudge with Mozilla because of this.
Posted on Reply
#2
Benpi
Alls I gotta say is, booya to all teh MS haters from teh other thread.
Posted on Reply
#3
Darknova
Aww did the average browser finally have to admit it's wrong?

Ah, just get Opera, then you'll have no problems.
Posted on Reply
#4
HellasVagabond
Well much like Cisco which blamed Apple for the mess at Duke Uni , Mozilla rushed to blame Microsoft....In both cases the allegations boomeranged back....People never learn.
Posted on Reply
#5
ChaoticBlankness
DarknovaAww did the average browser finally have to admit it's wrong?

Ah, just get Opera, then you'll have no problems.
If Opera goes Opensource.. I'll consider it.
Posted on Reply
#6
Darknova
Well that's a pretty close-minded view....it's free, it's faster, more stable, uses less memory and more secure....but it's not open-source...so that makes it bad?....
Posted on Reply
#7
ChaoticBlankness
DarknovaWell that's a pretty close-minded view....it's free, it's faster, more stable, uses less memory and more secure....but it's not open-source...so that makes it bad?....
Hmm.. slightly faster page loads, only decently better hard start if I don't choose to load Firefox resources on startup. I've used Opera version 8 and 9, and I don't like the GUI and I simply prefer software that is community development oriented.

I don't recall bashing your browser here recently? Or did I miss something?
Posted on Reply
#8
WarEagleAU
Bird of Prey
Opera is a great browser. Speedy and quick and what not. Its not popularly supported by high security websites though.


Firefox will fix the problem with the quickness
Posted on Reply
#9
Darknova
ChaoticBlanknessHmm.. slightly faster page loads, only decently better hard start if I don't choose to load Firefox resources on startup. I've used Opera version 8 and 9, and I don't like the GUI and I simply prefer software that is community development oriented.

I don't recall bashing your browser here recently? Or did I miss something?
I was not bashing your browser, what I didn't like was that you said "If Opera goes open-source..I'll consider it" as if to say that anything that isn't Open-Source is bad and evil. You didn't elaborate and hence it came off like you were bashing everything that wasn't open-source.

However, you have elaborated and I apologise if I came off harshly :)
Posted on Reply
#10
ChaoticBlankness
DarknovaI was not bashing your browser, what I didn't like was that you said "If Opera goes open-source..I'll consider it" as if to say that anything that isn't Open-Source is bad and evil. You didn't elaborate and hence it came off like you were bashing everything that wasn't open-source.

However, you have elaborated and I apologise if I came off harshly :)
Sorry for the miss communication then...

lol, and if I'd only use open source I wouldn't be doing much gaming anymore. Now there's a scary thought. *hugs battlefield 2 box* :p
Posted on Reply
#11
Darknova
ChaoticBlanknessSorry for the miss communication then...

lol, and if I'd only use open source I wouldn't be doing much gaming anymore. Now there's a scary thought. *hugs battlefield 2 box* :p
Hmmm....open-source gaming....

*level 1 complete* *please write level 2* :laugh:
Posted on Reply
Add your own comment
Dec 18th, 2024 07:48 EST change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts