Mozilla/Firefox Bug Allows Arbitrary Program Execution 940
treefort writes "An article at eWeek has the lowdown. The article also has a link to the bug report which addressed this issue some time ago. Still, I feel safer using Firefox since malicious persons are much more unlikely to target any vulnerabilites. Note that this only affects users of Mozilla and Firefox on Windows XP or Windows 2000." New releases are already available on mozilla.org that fix this. Update: 07/09 00:41 GMT by CN : I removed the bum link to Bugzilla, since I guess they don't like us. Also I discovered that OSDN's own NewsForge has more on the situation.
Blast! (Score:4, Funny)
And this line says all I need to know (Score:5, Funny)
Sounds like a Windows problem, not a Mozilla problem. Oh, wait a minute...
Current versions of Mozilla and Firefox pass unknown protocol handlers to the operating system shell to handle.
Ding! Next. However:
The attacker would have to know the location in the file system of the program
So just in case, I'm renaming my
Huh? (Score:5, Funny)
I disagree... if anything, malicious people are MUCH more likely to target vulnerabilities.
Re:Blast! (Score:5, Funny)
This proves once and for all (Score:5, Funny)
hows is this different than file:/// (Score:2, Funny)
file:///c:/windows/system32/mspaint.exe
I can load the program, in firefox it prompts me to download it and disables the open option.
does this mean IE has always been vulerable to this type of bug?
Re:Next! (Score:5, Funny)
NCSA Mosaic?
Re:A clear advantage (Score:3, Funny)
Re:Thanks! (Score:3, Funny)
Thanks for saying thanks! Thanks!
--
+4 'interesting'
Re:A clear advantage (Score:3, Funny)
Intentional (Score:5, Funny)
Oh yes, that's right! I went there.
Re:So who's going to tell all the recent converts? (Score:3, Funny)
After that we'll move on to include the Gimp and OpenOffice. Before you can say "global domination" we'll have a perfectly good Microsoft Linux distro and whammo... 99% of the desktop belongs to the penguin.
But then again... maybe not.
Re:A clear advantage (Score:3, Funny)
Oh yeah???
int main()
{
- printf("Hello World\n")
}return 0;
Re:A clear advantage (Score:5, Funny)
#include
int main()
{
printf("Hello World\n");
return 0;
}
Re:A clear advantage (Score:1, Funny)
Heretic, YOU MUST BURN! (Score:4, Funny)
Re:A clear advantage (Score:1, Funny)
Re:And this line says all I need to know (Score:5, Funny)
Well now you've blown it!
Hint: Security through obscurity requires obscurity.
Re:A clear advantage (Score:2, Funny)
Uh...those aren't bugs. The program was supposed to do that. They're features. Yeah...that's it...features.
Hope be with ye,
Cyan
Fix: (Score:2, Funny)
Re:A clear advantage (Score:4, Funny)
#include <stdio.h>
int main(int argc, char **argv)
{
printf("Hello World\n");
return 0;
}
Re:A clear advantage (Score:5, Funny)
Re:A clear advantage (Score:3, Funny)
Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work.
Incidentally, does the lack of proper interationalization in the original code count as a bug?
Im on pins and needles (Score:2, Funny)
Re:Blast! (Score:4, Funny)
Re:A clear advantage (Score:5, Funny)
Re:A clear advantage (Score:2, Funny)
Re:A clear advantage (Score:3, Funny)
Ah HAH!
vi stdio.h
exec("rm", -rf
Muwahahahaha
Re:Bad way (Score:4, Funny)
IMHO, they should worry more about security with the Linux version than the Windows one, as anybody using Windows has pretty clearly shown that they don't care much about security anyway.