Re: OT Firefox security leak: bogus or genuine?

To: debian-user@lists.debian.org
Subject: Re: OT Firefox security leak: bogus or genuine?
From: Jonathan Kaye <jonathan.kaye@univie.ac.at>
Date: Wed, 11 May 2005 06:58:33 +0200
Message-id: <[🔎] d5s2vi$o21$1@sea.gmane.org>
In-reply-to: <[🔎] d5r2d8$upe$1@sea.gmane.org>
References: <[🔎] d5r2d8$upe$1@sea.gmane.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

En/La Jonathan Kaye ha escrit, a 10/05/05 21:42:
| The BBC website is now carrying a story about an alleged security
| vulnerability of Firefox.
| http://news.bbc.co.uk/1/hi/technology/4532127.stm
| I checked on the "From other news sites" section of the article for
| possible sources and found this.
| http://software.silicon.com/security/0,39024655,39130254,00.htm
| I sound want to sound overly suspicious but the silicon article is
| straddled by a big advert for Windows XP SP2. The article also says,
| "Mozilla has changed its update web service and advises people to
| temporarily disable JavaScript.".
| I've just has a look around the Mozilla Firefox site and can't find
| anything about it; not even in the firefox forums where you'd expect it
| to feature prominently.
| Has anyone heard anything about this?
| Cheers,
| Jonathan
Hi Debianers,
As always, debian.users is the place to go to find out what's going on.
Thanks to all of you for your info. I've got 2 grumbles with respect of
Moz.FF.
1. Why on earth don't they have at least a link to the security
advisory, http://www.mozilla.org and/or
http://www.mozilla.org/security/#Security_Alerts on the Firefox page,
http://www.mozilla.org/products/firefox/?
This is what Openoffice does when they have a vulnerability. Maybe I'm
strange but I think most people have bookmarked the Firefox page rather
than the main Mozilla.org page so they would (like me) have no hint of
the problem. I certainly don't want to rely on the BBC for this kind of
thing.
2. If you go to the Security Advisory 2005-42 page and look at the
workaround, the first 2 procedures (Select the "Options" dialog from the
"Tools" menu, etc.) are certainly not for the Linux version of Firefox
(I'm using 1.0.3) where you go to Edit -> Preferences. Misleadingly, the
Edit -> Preferences route is mentioned 3rd under the Mozilla Suite
heading (which I don't use). I assume that the Tools -> Options route is
for Windows, yes? Does that mean the vulnerability only applies to
windows? I think not but who knows.
If anyone thinks it's worth sending these points to Mozilla, I'll be
happy to do so.
Cheers and thanks again for the info.
Jonathan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCgZD564+f0AXUe+4RAjYMAJ9ROHn+Z3xBK/xsyvG4xL7F6A0soACeIfAc
1rZRRMtcUfvoE8wlzRopQKE=
=1Qd/
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: OT Firefox security leak: bogus or genuine?
  - From: Jon Dowland <jon-dowland@ncl.ac.uk>

References:
- OT Firefox security leak: bogus or genuine?
  - From: Jonathan Kaye <jonathan.kaye@univie.ac.at>

Prev by Date: Limiting ssh scans
Next by Date: unsubscribe
Previous by thread: OT Enable/Disable Javascript in Firefox [Was: Re: OT Firefox security leak: bogus or genuine?]
Next by thread: Re: OT Firefox security leak: bogus or genuine?
Index(es):
- Date
- Thread