Flaws galore in IE and Firefox

Polish security researcher Michal Zalewski, known for his seemingly unending stream of browser vulnerability discoveries, has struck again. This time he's reported four flaws that are sure to get the attention of bug squashers in both Microsoft and Mozilla camps. The most serious vulnerability could make it possible for cyber …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    The reality of bugs

    Finally, a good programmer who's out there looking for bugs and not looking to crush companies.

    Too bad there were no Safari bugs found today; guess he was just busy.

    ...using IE7 and Firefox to test personal websites against spambots :)

  2. Robin

    Another Firefox Bug

    Firefox also seems to display another bug, where it displays two number 3 items on the Full Disclosure page, instead of 3 & 4.

    I shall expect full details to be posted in due course...

  3. Mark Gillespie

    What no Opera???

    Seems Opera is OK here, but then it's pretty rare that Opera vulnerabilities are discovered, and they are always nailed down within days...

    Opera seems to be designed with security in mind, but Mozilla and IE have security bolted on...

  4. James Cleveland

    Firefox

    Also goes horrifically slowly if you open more than about 10 images. Its download manager (when open) locks the browser temporarily when adding downloads; it slows up when there are lots of images on the page.

  5. Anonymous Coward

    Security vs user-friendliness

    It appears that the more user-friendly a piece of software gets, the more vulnerable it becomes. The Holy Grail of systems developers is to find the ultimate secure system that wipes your bottom for you in addition to looking as sexy as whoever your dream mate is. As in real life, it's not going to happen.

  6. Matt Bradley

    Re: Another Firefox Bug

    IE 7 seems to display the same bug... how weird is that? And both browsers display two number threes in the source code view as well!!!!

    Freaky! :D

  7. Ariel

    hmm, just Another Job for NoScript?

    Preventing these and many other yet unknown exploits is just as easy as installing the NoScript Firefox extension.

    Letting JavaScript run on every page you visit, intentionally or not, is just dumb.

    Security is all about giving away the minimum privileges to do the work, and never, NEVER to strangers.

    NoScript just brings the abc of security in the browser.

  8. Joe K

    why no opera....

    ...cos Opera is a lot older than most people realise, and was never designed to emulate IE in any way, thankfully.

    Shame Mozilla/Netscape lost sight of such a vital "feature".

  9. Dillon Pyron

    Full disclosure

    The question is, did he notify MS and Mozilla prior to posting the vulns? If not, he's not much better than a black hat. I've never posted without 30 days notice.

  10. Mike Moyle

    FWIW

    Safari (2.0.4), with "Enable JavaScript" and "Always accept cookies" selected (*NOT* my usual configuration!) returned:

    "Failed to obtain cookie in 120 seconds.

    "Your browser might be not vulnerable, or your network performance deviates from what this script expects. Try again or give up."

    ...Doesn't mean it's *SAFE*, but is, at least, one datum for Mr. Zalewski.

  11. Graham Lockley

    No JS here either

    'Preventing these and many other yet unknown exploits is just as easy as installing the NoScript Firefox extension.'

    Have to agree, the NoScript plug-in should be installed by default. Of course it won't because it breaks a lot of sites and it requires some thought to go through the denied scripts. Joe Public isn't going to put up with the learning curve that entails.

  12. This post has been deleted by its author
