Making open-source browsing safe for the masses

It's been an eventful month for Window Snyder. As chief security something or other at Mozilla, Snyder has shepherded two updates that fixed critical vulnerabilities in the way the browser handles uniform resource identifiers. The most recent patch punctuated several weeks of debate over exactly who owned the vulnerability. …

Back to the article

This topic is closed for new posts.

Posted Thursday 2nd August 2007 11:27 GMT

David Eddleman

Well! #

"It's a problem on both sides."

Thank you and goodnight.

Posted Thursday 2nd August 2007 13:22 GMT

Anonymous Coward

"It's a problem on both sides." #

True, but one side has fixed it. The other is pretending it doesn't exist.

Posted Thursday 2nd August 2007 15:22 GMT

I.M.Fantom

It's a feature, not a problem. #

is Microsoft's usual reply.

Posted Thursday 2nd August 2007 17:19 GMT

Dillon Pyron

Other platforms #

OS X. Does Safari get passed this "malcious code" and is there a know (KNOWN) exploit for it?

Linux. Plenty of other browsers. Same question.

Posted Thursday 9th August 2007 04:46 GMT

Steve P

It was always a Firefox problem #

The problem was that Firefox registers the 'firefoxurl:' URL scheme and failed to validate the data they were getting through it. That they are not validating the data is what makes it a Firefox problem.

They are using the same mechanism that Real Player uses to register 'rtsp:', Media Player to register 'mms:', Steam to register 'steam:', your mail program uses to register 'mailto:', and your browser uses to register 'http:' and 'https:'.

With the variety of url schemes supported, it's hardly reasonable to assume Microsoft can really validate each type.

This topic is closed for new posts.

Forums

Forums home