MozillaZine

Mozilla Security Hole

Tuesday April 30th, 2002

Anonymous reports: "Grey Magic is reporting a minor security hole in Mozilla builds from at least 0.9.2 up to the current trunk and 1.0 branch. A bug has been filed in bugzilla, and will be opened to the public to view once the fix has been made. This also affects Netscape browsers from at least 6.1 on. There are no known uses of the vulnerability at this time." We'll let you know when a patch has been checked in for this.

On a side note, Grey Magic recommends on their vulnerability page that users "should move to a better performing, less buggy browser." Looking at the open issues for it, IE clearly doesn't seem like the better choice.

UPDATE! A fix has been checked into the trunk, and has been approved for checkin to the 1.0 branch. Expect it to be in nightly builds for both branch and trunk starting tomorrow.


#65 re:

by leahcim

Wednesday May 1st, 2002 1:30 PM

> Most users do not have mozilla.org as their home page.

Well there's not much point at the moment given the security fixes aren't there.

FFS they go to the trouble of telling folk the browser is too old on the start page, it doesn't take a leap of imagination to change that message.

> so making an announcement there would not be a very effective warning for the masses

What masses? You don't have masses yet. That aside, if the info was there and folks chose to load yahoo or blinkenlightenflashenBeepenfart.com instead that would be their lookout.

Most users don't apply fixes anyway - I hope your dumb logic isn't going to stop you writing them on the basis of what "most users" do?

No, the guff I referred to was the sensible folk at Mozilla who quite correctly pointed out the Netscape employee who marked the bug as hidden was peeing in the wind.