Friday, January 07, 2005

New bugs found in Mozilla/Firefox/Thunderbird

Some new bugs in Mozilla, Mozilla Firefox (browser), and Mozilla Thunderbird (mail client) were recently identified. The first allows the source of a download to be spoofed, generating a fake URL. The second was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow. And the third affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits. But here's the difference between bugs in Mozilla products and Microsoft (like Internet Explorer and Outlook Express) - the latest version of Firefox and Thunderbird is already patched to prevent the second bug and may not be vulnerable to the third. Here's hoping the first bug gets patched quickly.

No comments: