[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Browser security was Re: [Full-Disclosure] MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities
- To: Gary Flynn <flynngn@xxxxxxx>
- Subject: Re: Browser security was Re: [Full-Disclosure] MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities
- From: Florian Weimer <fw@xxxxxxxxxxxxx>
- Date: Wed, 10 Mar 2004 23:55:23 +0100
Gary Flynn wrote:
> >Wow. A GNU/Linux distributor who finally releases a security update for
> >Mozilla. Isn't this a first?
> >
> >There is a list of published issues at:
>
> I'm glad you said "published" instead of "known". :)
That was quite deliberate. 8-)
There are quite a few security bugs which have been classified in
accordance with the Mozilla Security Policy:
<http://www.mozilla.org/projects/security/security-bugs-policy.html>
Note that the list you've seen doesn't include bugs which were fixed in
1.6 (Sandblad #13, but the 1.6 release notes suggest that there are more).
> What I'd like to see personally is a right-click "temporarily
> disable/enable risky functionality for this site" option
There's a Mozilla plugin for a toolbar which offers exactly this
functionality (switch on/off Java, JavaScript, Proxy, Images by a single
mouse click).
However, I stopped using it when the nastiest aspect of JavaScript
(pop-up ads) suddenly became a non-issue. 8->
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html