Mozilla security flaw [Archive] - Glock Talk



Jack T.
07-09-2004, 18:20
http://mozilla.org/security/shell.html

Found on July 7. Patch released on July 8

David_G17
07-09-2004, 18:23
... vulnerability affecting browsers for the Windows operating system...

step one.

HerrGlock
07-09-2004, 22:17
Originally posted by David_G17
step one.

~1 ~2 ^b

DanH

hapuna
07-09-2004, 22:21
It is a dirt simple fix!!!:cool:

Harlequin
07-10-2004, 06:08
It was bound to happen eventually. At least it's only happened to them once and not once a week like with IE. You can bet they will be more careful now.

HerrGlock
07-10-2004, 06:31
Originally posted by Harlequin
It was bound to happen eventually.

No, it happens with all software, more often than anyone would like. Two things tend to lessen the number or severity of vulnerabilities:

1) If the software is made by hackers it tends to be more secure. These people are paranoid about their own stuff and make sure anything they write has gone through every check they know about. Sometimes the vulnerability only manifests if it is running in conjunction with other software that the writers do not have on their systems. When you find a vulnerability that is only for one OS, it's usually not the program that is actually vulnerable, it's the combination of programs or a vulnerability in the OS proper that is only there with the calls the software makes. Sometimes the home brewed and community written software takes longer to get out but when it does come out, it tends to be more stable than stuff that had to meet some arbitrary deadline.

2) Look at the time from finding the vulnerability vs. the patch or fix. There are some software writers that take their time getting something out to patch it. The claim "It needs testing" is not an excuse for waiting six months to get a root/admin level vulnerability fixed. Get people to work 24/7 and make sure it's tested NOW and get the patch out NOW. Also, threatening to sue anyone who publishes a vulnerability for your software before you have a fix out is not right!

All software will have vulnerabilities. OpenBSD has had exactly one root level exploit in its default install in 10 years. They don't give you the latest and greatest, it's usually a generation behind what's out on the streets now, but it's secure.

Okay, more coffee needed so I can actually make sense today.

DanH