Security Issues in Mozilla

paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: create a long URL and the download box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups; hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!"
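A defender-side check for the third issue (profile files readable by every local account), added here as an example; it is not part of the SecurityFocus advisory or the Mozilla project. The ~/.mozilla profile location and the chmod-based tightening are assumptions, and the sample tree in the usage is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory or the Mozilla project: audit a browser or
# mail profile directory for entries that other local users can read, and tighten it.
# The profile path passed in is an assumption; any sample tree is constructed.

# Print every file or directory under $1 that grants any permission to "others".
# Uses POSIX find -perm -mode (all listed bits set), so it runs on GNU and BSD find.
list_exposed() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed entries under $1 (0 means nothing is world-accessible).
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Remove all "other" permissions recursively; group access is left alone so a
# deliberately shared group setup keeps working. Returns 0 on success.
harden_profile() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    chmod -R o-rwx "$1"
}

# Report for one profile directory: exit 0 if private, 1 if anything is exposed.
check_profile() {
    n=$(count_exposed "$1")
    if [ "$n" -eq 0 ]; then
        echo "$1: private"
        return 0
    fi
    echo "$1: $n entries readable/writable/traversable by other users:"
    list_exposed "$1"
    return 1
}

# Example run against an assumed default profile location (not verified against
# any particular release): Firefox profiles under ~/.mozilla/firefox.
if [ "${1:-}" = "--run" ]; then
    for p in "$HOME"/.mozilla/firefox/*/; do
        [ -d "$p" ] && check_profile "$p"
    done
fi
```

Run it with `--run` to audit the assumed profile location, or call `check_profile` on any directory; `harden_profile` strips the "other" bits once you have reviewed the listing.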
  • Comment removed (Score:2, Interesting)

    by account_deleted ( 4530225 ) on Friday January 07, 2005 @12:06PM (#11287875)
    Comment removed based on user account deletion
  • Re:Umm.... (Score:3, Interesting)

    by SomeoneGotMyNick ( 200685 ) on Friday January 07, 2005 @12:08PM (#11287901) Journal
    Partially related to that concept, I was using an XP system (no SP2 installed) where I didn't have admin rights. I was looking for a file that was in another user's documents folder. The operating system prevented me from browsing the folder through Explorer.

    When I did a Search for the file, the search window gladly displayed the file in question (from their documents folder) and allowed me to copy it to my documents folder.

  • by smc13 ( 762065 ) on Friday January 07, 2005 @12:10PM (#11287935)
    Wrong. The first issue affects the current version. If you clicked on the link you would have noticed this:

    Software: Mozilla 1.7.x
    Mozilla Firefox 1.x

    How can his post be rated informative when it isn't true?
  • Re:A fix? (Score:3, Interesting)

    by recursiv ( 324497 ) on Friday January 07, 2005 @12:16PM (#11287994) Homepage Journal
    Go to http://secunia.com/advisories/13599 and it says: Solution Status: Unpatched

    Why is everyone saying these are fixed?
  • by Anonymous Brave Guy ( 457657 ) on Friday January 07, 2005 @12:38PM (#11288249)
    But, unlike IE, these aren't 'You open a web page and your machine is taken over as a spam zombie' vulnerabilities. They should be fixed, but are less serious than the usual IE bugs...

    If you can have buffer over-run vulnerabilities in your C++ app, then you are potentially vulnerable to absolutely anything. The fact that even one exists, even in a beta development, betrays fundamentally flawed coding standards and/or QA procedures. These things should never happen in a C++ app, and the coding techniques to prevent them are trivial.

    and they'll likely be fixed a lot faster.

    Easy, tiger. As others have pointed out, most exploits of Windows/IE systems use vulnerabilities that MS patched months ago, and when critical ones do come up, patches usually do appear (with much hype) PDQ.

  • Re:Umm.... (Score:3, Interesting)

    by parkrrrr ( 30782 ) on Friday January 07, 2005 @12:46PM (#11288360)
    But, thanks to the way that Windows runs, everyone pretty much needs to be an Administrator to do things like, idk, run a CD-Burning app...
    I've had everyone on my XP SP2 machine running as a "limited" user for quite a while, and so far the only application I've seen that didn't work properly was the latest version of Palm Desktop. (it has to be installed by an admin, but puts all of its settings in HKEY_CURRENT_USER. So it has to be installed by whoever needs to run it. So you have to promote any user who needs it to admin, log on as that user, install the application, then demote the user back to limited. God help you if you have more than a couple users. And we wonder why PalmOS is losing ground to WinCE.)

    I know it was an off-the-cuff example, but Nero's BurnRights handles the CD-burning problem for Nero users. Users of other commercial software should consult their software vendor. Users of the Microsoft CD-burning "solution" are part of the problem. Users of cdrecord and cdrdao should look into the available documentation on Windows services and gin up something equivalent to BurnRights on their coffee break.

    ... so a knowledgeable user could change the permissions and look inside.
    You can prevent administrators from changing the permissions on your files. Administrators can still take ownership of your files, giving themselves "full control" permissions along the way, but they can't give them back so there's a fairly obvious audit trail if they go that route. I have a particularly pernicious piece of spyware on my machine that none of the usual tools seem to be able or willing to get rid of (the existence of which is why all of my normal users, including myself, are limited.) I've disabled it by denying all permissions on its directory to everybody, thus prohibiting it from running and even from reinstalling itself if another copy of it should happen to run if some idiot admin (me) should happen to go insane, run IE, and go to an infe[cs]ted website.
    </rant>
  • Why is it... (Score:3, Interesting)

    by cagliost ( 794083 ) on Friday January 07, 2005 @12:56PM (#11288516)
    That when Mozilla (or anything not by Microsoft) has a bug, people say "Let's hope that these will be fixed soon!", but when IE (or anything by Microsoft) has a bug, people say (")Hahahahaha!(")?
  • Re:A fix? (Score:3, Interesting)

    by The Spoonman ( 634311 ) on Friday January 07, 2005 @04:23PM (#11290705) Homepage
    They only affect Firefox 0.9.3 and earlier.

    So? Why is it that when a flaw is found in a MS product that hasn't even been on the market for 4 years everyone jumps up and down and says "SEE! SEE!! They want to keep you on a constant upgrade cycle!!", but when it happens in the open source community, the reaction is "Eh, just upgrade"?
