« Slow News Week? | Main | Upgrade Your Friends! »
April 18, 2005
Mozilla Security Flaws
Looks like the flaws have been released. As some might notice, 2 were located in my plugin finder code (one was reported, the other I found combing my code based on the reported issue. For some reason they are listed as one issue, even though the 2 are in different parts of the code). Here is a tip - don't use setAttribute with a value that came from a web page - injection is really easy.
I also discovered the popup blocker issue, which means I am just down one :)
So the moral of the story is, people shouldn't be saying we are more secure than IE. We just can react faster, and that does make a difference.
Posted by doron at April 18, 2005 7:12 PM
Comments
If security is a process rather than a product, wouldn't Firefox be more secure than IE?
Posted by: Simplex at April 18, 2005 8:40 PM
for a full list go to
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Posted by: Chris at April 18, 2005 8:52 PM
A piity those weren't fixed on trunk, forcing us to browse in a paranoid manner
Posted by: Peter van der Woude at April 18, 2005 11:59 PM
I have no problem if people, who claim that mozilla is more secure will also create and checkin the fixes when the security breaches occure. But somehow people get only tight lipped when they get cvs write permission.
Posted by: Bernd at April 19, 2005 12:55 PM
5 years is a "fast reaction".. ha?
http://www.nd.edu/~jsmith30/xul/test/spoof.html
Posted by: SomeOne at April 23, 2005 4:01 PM