Page 2 of 2 FirstFirst 12
Results 17 to 19 of 19

Thread: Mozilla Flaw Lets Links Run Arbitrary Programs

  1. #17
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts
    I think what we can take away from this is that it was perhaps bad judgement on the part of the Mozilla foundation on not pro-actively fixing or avoiding this problem.

    However, the response time following the development of an exploit is admirable, regardless of this oversight. I still think, as a Firefox user, that I'm still in safer hands than when I was using IE.
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  2. #18
    Member
    Join Date
    Sep 2003
    Location
    Peterborough
    Posts
    147
    Thanks
    0
    Thanked
    0 times in 0 posts
    I really don't see how anyone can call this exploit a "bug in Mozilla". It's a feature in Windows that really shouldn't be there, and Mozilla have now released a patch to hide the fundamental Windows insecurity.

    Basically, if a URL starts with "http:", then the web browser should display it. A web browser may also attempt to display other URLs - e.g. ones beginning with "ftp:", but there's no law that says they have to. If a web browser doesn't know what to do with a particular URL, then it asks the operating system if IT know what to do with the URL. This exploit is just Mozilla passing URLs starting with "shell:" to Windows - which is what the web browser should do. The fact that Windows is so fundamentally insecure that this facility can be exploited, and Microsoft won't do anything about it so that Mozilla have to, is no reflection on the Mozilla foundation at all.

    The truth is that, while Firefox may be more secure than IE, Windows (pre XP SP2 at least) is so flawed that the Firefox/Windows combo is still damned dodgy.

  3. #19
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts
    Taken from our front page:

    More good news on the security front. InfoWorld reports:
    Popular Microsoft Corp. products may be vulnerable to a security vulnerability that is similar to one patched for the Mozilla Web browsers last week.

    Microsoft's MSN Messenger and Word word processing application both support a feature that could give remote users access to functions that could be used launch applications on Windows computers, according to an alert from Secunia, which tracks software vulnerabilities.
    It looks like other programs are doing the same as Mozilla was, and just passing the "shell:" URI to the OS to deal with.

    Check out the full article here.
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 'Critical' flaw found in Windows
    By Basher in forum General Discussion
    Replies: 8
    Last Post: 25-07-2003, 04:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •