funsec mailing list archives

Re: Time to Upgrade: Mozilla Firefox Multiple Vulnerabilities


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 20 Dec 2006 01:46:12 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Right you are. :-)

- - ferg


- -- Reed Loden <reed () reedloden com> wrote:

On Wed, 20 Dec 2006 00:13:04 GMT
"Fergie" <fergdawg () netzero net> wrote:

Also, I noticed that someone else mentioned that at least one
critical vulnerability remains unplugged:

http://www.internetnews.com/dev-news/article.php/3650106

I, personally, do not consider that a critical vulnerability. The
problem is really with the third-party sites (such as MySpace)
that allow users to post login forms on their site. If the sites didn't
allow users to post content like that, it wouldn't be a problem.
MySpace has since fixed this problem, so it's not an issue there. Also,
it's not like somebody can get the password for another website than
the one you are currently viewing.

A better "fix" (for some definition of "fix" for a problem that's
really not Firefox's fault) for this issue will come in a later Firefox
release, but for now, Firefox 2.0.0.1/1.5.0.9 allows people to disable
the password manager's autofill function if they feel that they are
really unsecure due to this issue.

Honestly, if you trust the sites you are going to, you shouldn't have a
problem. I'm not worried about it. :)

~reed

- -- 
Reed Loden - <reed () reedloden com>

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.2 (Build 4075)

wj8DBQFFiJXeq1pz9mNUZTMRAuNHAJ96ap84XF9DgwHnot722jWckqgb4ACgwyK7
xRdZFHeWW/zr7w1LlSSI/0o=
=DosO
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

