MozillaZine

Mozilla Riddled with Fixed Security Holes

Tuesday November 5th, 2002

The Register is reporting that six Mozilla security flaws were posted to BugTraq over the weekend. The most remarkable detail about these bugs is that most of them are already fixed. In fact, only one of the flaws (reported here in September) is present in the latest stable branch and trunk releases (Mozilla 1.0.1 and 1.1 respectively), while the more recent 1.2 Beta isn't vulnerable to any of them.

UPDATE! Thanks to laszlo for pointing out the glaring typing errors in this article.


#1 New Netscape

by Z_God

Tuesday November 5th, 2002 1:31 PM

Reply to this message

We'll probably see a new Netscape release soon then.

#2 Re: New Netscape

by fletchsod

Tuesday November 5th, 2002 2:31 PM

Reply to this message

Soon??? Perhap a little bit later than that.

#3 getting bug reports from users?

by feepcreature

Tuesday November 5th, 2002 6:44 PM

Reply to this message

I suppose "Mozilla riddled with security holes" makes a better headline than "Old versions of Mozilla have bugs", or "Six security problems - five fixed already"

The Register is like that - they don't *always* write balanced articles. Consider their stance on RIAA, Microsoft, and BT, for example. Whatever you think of these organisations, you may notice that the Register rarely takes a neutral tone when discussing them.

Hopefully mozilla isn't their new whipping boy...

-- P

#4 Re: getting bug reports from users?

by asa <asa@mozilla.org>

Wednesday November 6th, 2002 12:19 AM

Reply to this message

"Six security problems - five fixed already"

Isn't that 6 fixed already. Which of those bugs was fixed months ago?

--Asa

#5 fixed in beta (any patch?)

by feepcreature

Wednesday November 6th, 2002 6:41 AM

Reply to this message

You're right - I suppose I was thinking of "production" releases.

On the subject of final releases and security fixes, if there were a critical security fix or something, would it be possible to distribute "patches" to the binary releases, containing only the DLLs or Libraries and so forth which were changed by the fix? It occurs to me this would be useful for (test) users who can't compile from source, or who would rather not run the hairiest and latest nightly build. And might reduce the bandwidth consumed by the servers and mirrors.

I suppose that would need its own wee branch from 1.0.1 (or wherever)... maybe quite a bit of work... but if the fix were important enough...

-- P

#6 ARTICLE DATED MAY 22nd!

by guanxi

Wednesday November 6th, 2002 11:51 AM

Reply to this message

.

#7 Re: ARTICLE DATED MAY 22nd!

by guanxi

Wednesday November 6th, 2002 11:55 AM

Reply to this message

oops ... how embarrassing. Clearly, Moz should automatically reformat all dates to my local setting. I'll submit a bug... ;-/

#8 No information for mozdev project owners

by bugs4hj <bugs4hj@netscape.net>

Thursday November 7th, 2002 6:16 PM

Reply to this message

We're glad mozilla solved at least some security releated bugs since the last release, but not all. However, there is a problem. These bugs are closed, because they are security related, so not all mozdev.org project owners know about these issues. Don't you worry, we fixed them for MultiZilla, but what about the other projects? Some projects are still infected by the same bugs. It's time that mozdev project owners are informed about these bugs, afterall we make add-ons for mozilla and like to be informed about possible security risks.

/HJ

#9 Bookmarks

by Dre

Monday November 11th, 2002 4:51 PM

Reply to this message

I would like to know if it is possible that the bookmarks icon, that opens the list of bookmarks could work in a way, that allowed a dragged bookmark from the address bar and into a long list of sections of folders on the bookmarks list at the bottom. This is because I cannot go below the arrow if the long list to put the entry into another folder.

I hope this makes sense :->

Tia

Dre

#10 Bookmarks

by Dre

Monday November 11th, 2002 5:04 PM

Reply to this message

I would like to know if it is possible that the bookmarks icon, that opens the list of bookmarks could work in a way, that allowed a dragged bookmark from the address bar and into a long list of sections of folders on the bookmarks list at the bottom. This is because I cannot go below the arrow if the long list to put the entry into another folder.

I hope this makes sense :->

Tia

Dre

#11 Bookmarks

by Dre

Monday November 11th, 2002 5:58 PM

Reply to this message

I would like to know if it is possible that the bookmarks icon, that opens the list of bookmarks could work in a way, that allowed a dragged bookmark from the address bar and into a long list of sections of folders on the bookmarks list at the bottom. This is because I cannot go below the arrow if the long list to put the entry into another folder.

I hope this makes sense :->

Tia

Dre