The Mozilla Foundation has issued "critical" security updates for vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite.
The vulnerabilities could potentially be exploited to conduct cross-site scripting attacks, to let malicious attackers launch a remote execution of code on users' computers, and to expose sensitive information, according to an advisory from security company Secunia.
While Mozilla labeled the updates "critical," Secunia rated them "highly critical."
Mozilla advised people to forgo enabling JavaScript in Thunderbird and the mail portions of its Internet application suite SeaMonkey. People are also advised to download SeaMonkey 1.0.7, which is undergoing its final paces of testing.
"Some of these (flaws) were crashes that showed evidence of memory corruption, and we presume that at least some of these could be exploited to run arbitrary code with enough effort," according to one of six related "critical" Mozilla security advisories issued Tuesday.
Their money comes from users who succumb to their panics so they have a "rating" scale that's built to push people's panic buttons. Otherwise people would look at the definition of "critical" and understand that adding "extremely" to it is an exercise in redundancy.
Since most FF users use NoScript. Most pages I visit never run one line of JavaScript period. Cross Site scripting never happens until I implicitly trust both sites.
Claiming that "most FF users use NoScript" is a presumptuous generalization. Frankly, my guess would be that most FF users don't even know what NoScript is/does.
The fact that a company called Secunia doesn't know any unpatched flaws, at a specific time, for a product that is used by less than 1% of people, doesn't mean there are no unpatched flaws and that, thus, doesn't mean that product is the most secured one. After all, it's much more likely to find flaws for something that is used by more than 80% (overall percentage, not IE7-specific, but still a metric) of people, wouldn't you agree?
A prediction: Google's motto is 'Do no Evil' yet their floatation has made them less warm and fuzzy and more corporate. As Firefox matures as a business there will be the temptation to 'make money' (even though they make millions of dollars through search partnerships already!), will bring Firefox into the corporate limelight and the technical self-appointed elite will turn on them. They will become a target just like Microsoft - for the ethical, and not-so-ethical hackers looking to 'kick' the corporate man for turning against the geekorati. Or, in the case of 'security' companies, to make a name for themselves.
Look, you sack of ****, here are just two here. I'll leave it to you with your third grade education to find the rest. Ya know, why don't you do us all a favor and leave this board, as it's the low rent wannabees who have no understanding of how little they know, that ruin it for the rest of us? http://news.yahoo.com/s/nf/20061220/bs_nf/48890 http://www.cio-today.com/news/Mozilla-Patches-Firefox-and-Thunderbird/story.xhtml?story_id=110003SJ1ECS
"While Mozilla labeled the updates "critical," Secunia rated them "highly critical.""
Of course Mozilla ONLY labeled the updates "critical", Mozilla's impact key ONLY goes up to critical.
This is just poor journalism.
test here: http://www.info-svc.com/news/11-21-2006/rcsr1/
Opera 9 - 2 patched
http://secunia.com/product/10615/?task=advisories
FF 2 - 1 patched; 1 unpatched
http://secunia.com/product/12434/?task=advisories
IE 7 - 3 unpatched
http://secunia.com/product/12366/?task=advisories
Safari 2 - 2 patched; 3 unpatched
http://secunia.com/product/5289/?task=advisories
Hmmm...
Watch this space...
There is no truth to be found. It's all a one-sided story. The only real difference between any of us is which side we choose to believe.
Why don't you leave and find some place else to insult people.