Mozilla Riddled with Fixed Security Holes

Tuesday November 5th, 2002

The Register is reporting that six Mozilla security flaws were posted to BugTraq over the weekend. The most remarkable detail about these bugs is that most of them are already fixed. In fact, only one of the flaws (reported here in September) is present in the latest stable branch and trunk releases (Mozilla 1.0.1 and 1.1 respectively), while the more recent 1.2 Beta isn't vulnerable to any of them.

UPDATE! Thanks to laszlo for pointing out the glaring typing errors in this article.

We'll probably see a new Netscape release soon then.

I suppose "Mozilla riddled with security holes" makes a better headline than "Old versions of Mozilla have bugs", or "Six security problems - five fixed already"

The Register is like that - they don't *always* write balanced articles. Consider their stance on RIAA, Microsoft, and BT, for example. Whatever you think of these organisations, you may notice that the Register rarely takes a neutral tone when discussing them. Hopefully mozilla isn't their new whipping boy...

-- P

"Six security problems - five fixed already"

Isn't that 6 fixed already. Which of those bugs was fixed months ago?

--Asa

You're right - I suppose I was thinking of "production" releases.

On the subject of final releases and security fixes, if there were a critical security fix or something, would it be possible to distribute "patches" to the binary releases, containing only the DLLs or Libraries and so forth which were changed by the fix? It occurs to me this would be useful for (test) users who can't compile from source, or who would rather not run the hairiest and latest nightly build. And might reduce the bandwidth consumed by the servers and mirrors. I suppose that would need its own wee branch from 1.0.1 (or wherever)... maybe quite a bit of work... but if the fix were important enough...

-- P

oops ... how embarrassing. Clearly, Moz should automatically reformat all dates to my local setting.
I'll submit a bug... ;-/

We're glad mozilla solved at least some security related bugs since the last release, but not all. However, there is a problem. These bugs are closed, because they are security related, so not all mozdev.org project owners know about these issues. Don't you worry, we fixed them for MultiZilla, but what about the other projects? Some projects are still infected by the same bugs. It's time that mozdev project owners are informed about these bugs, after all we make add-ons for mozilla and like to be informed about possible security risks.

/HJ

I would like to know if it is possible that the bookmarks icon, that opens the list of bookmarks could work in a way, that allowed a dragged bookmark from the address bar and into a long list of sections of folders on the bookmarks list at the bottom. This is because I cannot go below the arrow if the long list to put the entry into another folder. I hope this makes sense :->

Tia Dre