Friday, February 1st 2008

Mozilla Admits Security Breach, Promises Fix by February 5th

It would appear that running any of 600 add-ons in Mozilla Firefox opens up a terrible hole. When exploited, this hole allows a hacker to steal "session information, including session cookies and session history". Mozilla promises a fix by February 5th, with the release of Firefox version 2.0.0.12. While Mozilla classifies this threat as a "high risk", there is some controversy in the hacker world as to how bad this threat really is. According to a hacker, via "hiredhacker.com", this isn't as big a problem as people have made it out to be. However, it is certainly more serious than "leaking a few variables", and should definitely be patched as soon as possible.Source: Neowin.net
Add your own comment

2 Comments on Mozilla Admits Security Breach, Promises Fix by February 5th

#1
1c3d0g
Well, as long as it's patched up quickly, no problem. :) This is why I like Mozilla and Open Source software in general, every issue is resolved as fast as possible to minimize any inconvenience they may cause. That's more than I can say of some *other* software company... :mad:
Posted on Reply
#2
qwerty_lesh
altho i can see how thats a good thing, admitting its responsable for the developers to announce the discovery of flaws and risks in their software. i am personally doubtfull that this will get patched very quickly, ive know mozilla to sit on their hands about previous security flaws for firefox. ( i beleve one flaw didnt get patched for 24months )
(not trying to start flame blah) just imho.
Posted on Reply