On Tue, Apr 05, 2005 at 03:52:32AM -0400, Allen wrote:
On Tue, Apr 05, 2005 at 09:24:22AM +0200, Marcus Meissner wrote:
On Mon, Apr 04, 2005 at 10:01:25PM +0100, Anthony Edwards wrote:
A new, quite fascinating vulnerability was apparently discovered today, which allows attackers to craft custom JavaScript code in order to gain access to information contained in system RAM; all current versions of Mozilla Firefox are believed to be affected:
http://secunia.com/advisories/14820/
An intriguing test for this vulnerability (watch information contained in system memory echo to the screen!) appears here:
http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/
A temporary workaround is to disable JavaScript support; however, SuSE will be releasing a patched version of Firefox, presumably?
Of course we will provide the now biweekly Firefox security update *sigh*
Novell should make their own browser. That would Pwn. :) Then again browsers are a pain to get going. Has anyone seen this vuln used much outside of some dork trying to prove it COULD happen?
Well, most browsers are so complex and so massive that problems cannot be avoided. I invite you to take a look at Konqueror; up to now it has never shown up for buffer overflows or memory leaks ... (But it did show up for logical problems with Tabs and similar, so it is not safe either.)
Lol, maybe some of those Win kids were right? "Well if Linux was on top of the market and used as much as Windows there would be lots of security holes in it too!".
Marcus, I know things like this must get annoying as crap, but I still think you have an awesome job. When security flaws get on your nerves, relax with some BOFH stories :) (If you've never read them, just type BOFH in a Google search; they rock and there are translations for non-English speakers).
Hey, thanks :) I read the BOFH texts a long time ago and remember them, but this attitude is unfortunately not really called for in business Linux versions ;) "In the new SUSE Linux release we are now standardizing on the 'netcat' browser. It is fully customizable to your viewing experience." ;) Ciao, Marcus