DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > General Publishing Topics

Reply
 
Thread Tools Display Modes
Old 04-09-2005, 01:18 PM   #1
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default Mozilla (etc.) memory flaw

Mozilla browsers (Mozilla, Firefox, Camino, Netscape) supposedly have a vulnerability that exposes chunks of memory from your system to malicious web sites.

The only place that seems to be talking this up is the Secunia web site, which allows you to test your browser to see if it has this vulnerability.

I took the Secunia test with Firefox and sure enough, stuff I recognized from my Mac was presented in a window on the site. It included my font list, items from my Firefox Preferences, and the name of this particular “skin” for our forum. In fact, this last click showed the content of this message.

There was a short article on C|NET on Wednesday, with links to other stories on the problem. I have no idea if it is a practical problem or a potential one. There has been no announcement on the Mozilla/Firefox web site, fwiw.

I asked about this on the Mozilla/Netscape forum on CIS. Maybe they will know whether it is anything to worry about.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 04-09-2005, 03:31 PM   #2
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,436
Default

Quote:
Originally Posted by ktinkel
Mozilla browsers (Mozilla, Firefox, Camino, Netscape) supposedly have a vulnerability that exposes chunks of memory from your system to malicious web sites.

The only place that seems to be talking this up is the Secunia web site, which allows you to test your browser to see if it has this vulnerability.

I took the Secunia test with Firefox and sure enough, stuff I recognized from my Mac was presented in a window on the site. It included my font list, items from my Firefox Preferences, and the name of this particular “skin” for our forum. In fact, this last click showed the content of this message.

There was a short article on C|NET on Wednesday, with links to other stories on the problem. I have no idea if it is a practical problem or a potential one. There has been no announcement on the Mozilla/Firefox web site, fwiw.

I asked about this on the Mozilla/Netscape forum on CIS. Maybe they will know whether it is anything to worry about.
Hmm, all I got was stuff about buttons and a few URLs I'd been to recently with Firefox, that almost certainly came from my recent browsing.

I went out and fiddled a bit with Entourage before going back to click on the link a few times, but still only got very recent Firefox stuff, mostly URLs for my current browser session.

I'll go and type up some BBEdit stuff, look at some e-mail again, and try it again. I'll also try it with Safari.

   
__________________
annc is offline   Reply With Quote
Old 04-09-2005, 03:39 PM   #3
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,436
Default

Quote:
Originally Posted by ktinkel
Mozilla browsers (Mozilla, Firefox, Camino, Netscape) supposedly have a vulnerability that exposes chunks of memory from your system to malicious web sites.

The only place that seems to be talking this up is the Secunia web site, which allows you to test your browser to see if it has this vulnerability.

I took the Secunia test with Firefox and sure enough, stuff I recognized from my Mac was presented in a window on the site. It included my font list, items from my Firefox Preferences, and the name of this particular “skin” for our forum. In fact, this last click showed the content of this message.

There was a short article on C|NET on Wednesday, with links to other stories on the problem. I have no idea if it is a practical problem or a potential one. There has been no announcement on the Mozilla/Firefox web site, fwiw.

I asked about this on the Mozilla/Netscape forum on CIS. Maybe they will know whether it is anything to worry about.
Safari just shows a heap of Xes in that test window. I suppose the only problem is if you use Firefox in secure servers for sending credit card info etc. I rarely do that, and use Safari then anyway. I only use Firefox for forum access.

   
__________________
annc is offline   Reply With Quote
Old 04-12-2005, 04:49 PM   #4
JVegVT
Member
 
Join Date: Jan 2005
Location: northern New England, USA
Posts: 510
Default

That was interesting! Opera in Linux showed nothing but Xs. Mozilla in Linux showed stuff from memory. It has the vulnerability. Konqueror showed Xs, so it's okay, too. I tried it with Dillo, but since Dillo can't do Javascript nothing happened. I use Opera for everything but a few sites that don't work with it.
--Judy M.
JVegVT is offline   Reply With Quote
Old 04-12-2005, 05:48 PM   #5
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default

Quote:
Originally Posted by annc
Hmm, all I got was stuff about buttons and a few URLs I'd been to recently with Firefox, that almost certainly came from my recent browsing.
Interesting. I kept clicking until I found the text from a message I was writing here.

In any event, this flaw is known at the Mozilla camp, and should be fixed with the next update. No problem has been reported — it is a vulnerability, not some sort of attack.

Sobering, nonetheless. Weird to see my words appear on a web site.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 04-12-2005, 06:24 PM   #6
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,436
Default

Quote:
Originally Posted by ktinkel
In any event, this flaw is known at the Mozilla camp, and should be fixed with the next update. No problem has been reported — it is a vulnerability, not some sort of attack.

Sobering, nonetheless. Weird to see my words appear on a web site.
Indeed. I just heard on the news that Microsoft has announced security holes in MS Office, Internet Explorer, and othervulnerable apps.

   
__________________
annc is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Handy Firefox/Mozilla extensions for developers iamback Web Site Building & Maintenance 4 04-02-2006 09:00 AM
1GB USB flash memory $35 ktinkel General Publishing Topics 0 02-11-2006 09:06 AM
Making MSIE apps work w/Mozilla browsers ktinkel Web Site Building & Maintenance 0 07-28-2005 08:27 AM
Security flaw problem in Adobe CS1 & more terrie Images 0 06-14-2005 01:10 PM


All times are GMT -8. The time now is 08:38 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.