[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: browser security flaws not being addressed

Quoting paul <paula4l@access4less.net>:

> I'm surprised it's taking so long for the mozilla (and opera) folks to  
> address these security issues, which sound pretty severe, if you're doing  
> banking and such on line.
> 
> http://www.theregister.co.uk/2005/02/07/browsers_idn_spoofing/
> 
This one has already been addressed:
http://slashdot.org/article.pl?sid=05/02/15/1922215&from=rss
http://news.netcraft.com/archives/2005/02/15/firefox_to_disable_idn_support_as_phishing_defense.html
http://www.mozillazine.org/talkback.html?article=6073

> http://itmanagement.earthweb.com/secu/article.php/3440971
> 
This one has already been fixed:

https://bugzilla.mozilla.org/show_bug.cgi?id=237977
https://bugzilla.mozilla.org/show_bug.cgi?id=271716


> The way firefox came out with newspaper adds claiming a more secure  
> browser gave me the impression they planned on keeping firefox updated  
> with security patches, as exploits occurred.  In fact, they even have a  
> button in the preferences that let's you check for and install patches.   
> But, here we are, months after these flaws were revealed and still  
> nothing.  It's the same as $M.
> 
That seems a bit inflamatory.  Especially since both have already been
properly addressed.

> At least, they would have published a notice and let people know to be  
> cautious in how they go to a site, but nothing.

You should already have a care with what sites you visit.  No offense, but do
you trust every site you visit with reponsible use of client side scripting?
Think about it.  Javascript is an invitation for some remote host to execute
code on your local machine.  That is not the sort of invitation you want to go
around extending indiscriminately.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
Reply to: