Oh look! A big hole in Mozilla


Post by STRESSTEST »

Time to get those patches boys *smirk*
http://news.com.com/Security+hole+found ... g=nefd.top

Post by fliptw »

You can only smirk if you use IE.

When's the last time you've seen a news post about an IE flaw with a link to the patch that fixes it?

Post by STRESSTEST »

Actually I use Opera. Another reason to smile :)

Honestly I don't pay much attention to IE flaw postings since I don't use the browser. But one thing I do remember about them is that they usually include a MS hotfix # which is easily downloaded at MS's site. That the link you are talking about? :roll: Having said that, your point seems groundless?

Post by fliptw »

the patch normally comes weeks after the world knew about it, after someone other than MS reveals it to the world.

I should've said the first news reports of an IE flaw.

Post by DCrazy »

I just think it's funny that this bug has existed for 2 years and until now the Mozilla team's response has been "go into about:config and change it yourself, you lazy bum." It's this attitude that skeeves me about Linux.

Post by Tetrad »

DCrazy wrote:I just think it's funny that this bug has existed for 2 years
The "bug" existed for 2 years, but there hasn't been a workable exploit known until just recently. And the day that the exploit was found, a patch was released.

Post by Topher »

Tetrad wrote:
DCrazy wrote:I just think it's funny that this bug has existed for 2 years
The "bug" existed for 2 years, but there hasn't been a workable exploit known until just recently. And the day that the exploit was found, a patch was released.
Which is still a day too late.
Zero day == bad
Zero day == SQL Slammer type worm
Zero day == -$$$

Post by fliptw »

um no, not quite, DCrazy.

you might want to read the actual bug report

it's a discussion about whitelisting external protocols.

Also of note, it's not fixed in IE either.

Post by DCrazy »

Well, check this one out, posted the same day as yours. Launching a vbscript: URL launched IE.

Either way, the solution is NOT to tell users to disable the feature altogether in about:config, but to tell them to be on the lookout and create an option in the Preferences menu about it. After all, disabling it outright would cause descent3:// links to not function. This is a feature of the Windows OS after all, and basically it boils down to "if a program has a flaw and registers itself as a protocol, it's possible to mess with that program by sending it a malformed URL".

Post by STRESSTEST »

LoL, you crack me up Flip ;)

Post by woodchip »

If you're using IE you better find something else:

"Some researchers had begun recommending that people worried about online security stop using the IE browser altogether."

Post by BUBBALOU »

woodchip wrote:If you're using IE you better find something else: "Some researchers had begun recommending that people worried about online security stop using the IE browser altogether."
Or stop surfing Pr0n, Warez, Crackz, Serialz, Cheatz, Bit Torrent, just to name a few....~!

Remember kiddies ITD's can be transmitted without using protection.

Post by Diedel »

Hadn't there been an Update to Opera just recently because of a security leak in it, Mr. Wiseguy Stresstest?

Post by Ferno »

taken care of yesterday. heh. ;)

Post by Topher »

woodchip wrote:If you're using IE you better find something else:

"Some researchers had begun recommending that people worried about online security stop using the IE browser altogether."
A. We're not talking about IE security, we're talking Mozilla. So the correct, on topic response would have been "If you're using Mozilla you better get patched."

B. Even if we were talking about IE, people hate it when you tell them what's better for them without any grounds. So, you may consider saying "If you're using IE, I cordially invite you try Mozilla."

C. Give it a rest. We're not boasting which browser has a bigger cock size, we're pointing out a flaw. In fact, here is a prime example of how all browsers are just as vulnerable as IE is. Two years a known flaw goes unfixed. Imagine the rants and raves if it was in IE. But no, it's Godlike Mozilla, the holy grail of Internet browsers, world peace, cold fusion and fat free twinkies would be possible if we all used Mozilla. In this case you may consider saying "".

This lesson in Internet etiquette brought to you by "Mom's Molten Boron".
fliptw wrote:Also of note, it's not fixed in IE either.
Interesting links, the last one doesn't freeze my system like it says. However, how is that different than just using file:/// urls?

Post by Arch »

Just to point out, Firefox has no problems on OS X :) Neither does Thunderbird.

Post by fliptw »

Topher wrote: Interesting links, the last one doesn't freeze my system like it says. However, how is that different than just using file:/// urls?
file:// is handled internally by the browser.

the basic issue is what to do about protocols that the browser doesn't handle internally, either by default or thru a plugin. In Windows (since you can register protocols with specific apps), most browsers till recently handed it off to the OS to deal with.

this particular thread started because of an exploit in a specific external protocol.
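
The hand-off to the OS described in the post above depends on which URL schemes applications have registered with Windows. As an added example that is not part of the original thread, this PowerShell lists every scheme registered under HKEY_CLASSES_ROOT together with the command it launches, and marks the ones outside an allowlist. The allowlist contents are an assumption chosen for illustration.

```powershell
# Added example, not from the thread. The allowlist below is an assumption.
$allow = @('http', 'https', 'ftp', 'mailto')

# A scheme is registered for OS hand-off when its key under
# HKEY_CLASSES_ROOT carries a value named "URL Protocol".
$handlers = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $null -ne $_.GetValue('URL Protocol') } |
    ForEach-Object {
        # shell\open\command holds the command line the URL is passed to.
        $cmdKey  = $_.OpenSubKey('shell\open\command')
        $command = if ($cmdKey) { $cmdKey.GetValue('') } else { '(no open command)' }
        [pscustomobject]@{
            Scheme      = $_.PSChildName
            Allowlisted = $allow -contains $_.PSChildName.ToLower()
            Command     = $command
        }
    }

# Non-allowlisted schemes sort first: these are the ones to review.
$handlers | Sort-Object Allowlisted, Scheme | Format-Table -AutoSize -Wrap
```

Each row outside the allowlist is an application that receives URL text from any browser that passes unknown schemes to the OS.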

Post by Robo »

Image

Post by Vindicator »

This is the tech forum. We're allowed to be nerds in here :)

Post by Mr. Perfect »

Those nerd critters are kinda fun though.

Post by STRESSTEST »

Diedel wrote:Hadn't there been an Update to Opera just recently because of a security leak in it, Mr. Wiseguy Stresstest?
I'm not aware of it, but probably so. I wouldn't be surprised if that is true in the least. And I don't need proof, I'll take your word for it.

The whole tone in my type was a tongue-in-cheek shot at the elitist attitudes associated (in my opinion only) with SOME Mozilla users. And to point out that nothing is perfect in the software world.

Topher I believe has summed up things very well though. Couldn't have said it better myself.

Just an FYI also Diedel, I won't allow you to start a flame war in here either. Not an accusation, just info

Post by MD-2389 »

I guess I'm the only one here that thinks that someone finding exploits in Mozilla is a good thing....

All this will do is only make Mozilla more secure, which is a very good thing.

Post by STRESSTEST »

You guessed wrong :P

Post by KompresZor »

Thanks Stress.. got mine updated :)