Sign In/My Account | View Cart  

advertisement

AddThis Social Bookmark Button

Weblog:   A Black Eye for Firefox Security
Subject:   I had no problem finding it
Date:   2005-05-11 11:40:41
From:   dhm
Firefox news is not on the start page. The start page is empty advertising-like info that no one is expected to look at twice. That never changes. I did not have to "dig deep" to find the information. News is on the Mozillazine page and I check there once a day or so. Mozilla put the bug there on May 8'05:


Sunday May 8th, 2005

Mozilla Arbitrary Code Execution Security Flaw


A security flaw that allows a malicious site to execute arbitrary code on a user's system has been discovered in Mozilla Firefox. Secunia has probably the one of the more accurate and concise write-ups of the code execution vulnerability. It appears to be the first "Extremely critical" Firefox flaw logged by Secunia.

On the other hand, Mozilla had known of the security hole since May 2'05. While Microsoft may sit on security information for several months, considering a PR offensive the priority, Mozilla did sit on it when they could have told us to shut off an automatic update feature until whenever. It was the same in principle tho not in extent.


BTW, the Preston Gralla repeats the same syntax I've seen on Secunia, etc. On my copy of Firefox (20050509) the syntax is:


Tools > Options > Content and then uncheck "Allow web sites to download software".