Making open-source browsing safe for the masses

It's been an eventful month for Window Snyder. As chief security something or other at Mozilla, Snyder has shepherded two updates that fixed critical vulnerabilities in the way the browser handles uniform resource identifiers. The most recent patch punctuated several weeks of debate over exactly who owned the vulnerability. …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 2nd August 2007 11:27 GMT David Eddleman

Well!

"It's a problem on both sides."

Thank you and goodnight.

0 0
Thursday 2nd August 2007 13:22 GMT Anonymous Coward

"It's a problem on both sides."

True, but one side has fixed it. The other is pretending it doesn't exist.

0 0
Thursday 2nd August 2007 15:22 GMT I.M.Fantom

It's a feature, not a problem.

is Microsoft's usual reply.

0 0
Thursday 2nd August 2007 17:19 GMT Dillon Pyron

Other platforms

OS X. Does Safari get passed this "malcious code" and is there a know (KNOWN) exploit for it?

Linux. Plenty of other browsers. Same question.

0 0
Thursday 9th August 2007 04:46 GMT Steve P

It was always a Firefox problem

The problem was that Firefox registers the 'firefoxurl:' URL scheme and failed to validate the data they were getting through it. That they are not validating the data is what makes it a Firefox problem.

They are using the same mechanism that Real Player uses to register 'rtsp:', Media Player to register 'mms:', Steam to register 'steam:', your mail program uses to register 'mailto:', and your browser uses to register 'http:' and 'https:'.

With the variety of url schemes supported, it's hardly reasonable to assume Microsoft can really validate each type.

0 0

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

COMMENTS

Well!

"It's a problem on both sides."

It's a feature, not a problem.

Other platforms

It was always a Firefox problem

About Us

Our Websites

Your Privacy