Well!
"It's a problem on both sides."
Thank you and goodnight.
It's been an eventful month for Window Snyder. As chief security something or other at Mozilla, Snyder has shepherded two updates that fixed critical vulnerabilities in the way the browser handles uniform resource identifiers. The most recent patch punctuated several weeks of debate over exactly who owned the vulnerability. …
"It's a problem on both sides."
Thank you and goodnight.
True, but one side has fixed it. The other is pretending it doesn't exist.
is Microsoft's usual reply.
OS X. Does Safari get passed this "malicious code" and is there a known (KNOWN) exploit for it?
Linux. Plenty of other browsers. Same question.
The problem was that Firefox registers the 'firefoxurl:' URL scheme and failed to validate the data they were getting through it. That they are not validating the data is what makes it a Firefox problem.
They are using the same mechanism that Real Player uses to register 'rtsp:', Media Player to register 'mms:', Steam to register 'steam:', your mail program uses to register 'mailto:', and your browser uses to register 'http:' and 'https:'.
With the variety of url schemes supported, it's hardly reasonable to assume Microsoft can really validate each type.
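The point made in the comments above, that the program registering a URL scheme has to validate what arrives through it, shown as an added example (not code from the commenters or from Firefox). The `exampleapp:` scheme, the http(s)-only policy and all function names are assumptions made for illustration.

```python
import sys
from urllib.parse import urlsplit, unquote

SCHEME = "exampleapp"              # hypothetical scheme registered by the app
ALLOWED_INNER = {"http", "https"}  # assumed policy: only web URLs are opened
QUOTING = set("\"'`\\")            # characters that can end a quoted argument


def validate_handler_url(raw: str) -> str:
    """Return the inner URL if it is safe to hand on, else raise ValueError."""
    if len(raw) > 2048:
        raise ValueError("URL too long")
    prefix = SCHEME + ":"
    if not raw.lower().startswith(prefix):
        raise ValueError("not our scheme")
    inner = raw[len(prefix):]
    # Check the literal and the percent-decoded form, so an encoded quote or
    # space is caught as well; refuse input that is encoded more than once.
    decoded = unquote(inner)
    if unquote(decoded) != decoded:
        raise ValueError("nested percent-encoding")
    for text in (inner, decoded):
        for ch in text:
            if ch in QUOTING or ch.isspace() or ord(ch) < 0x20 or ch == "\x7f":
                raise ValueError(f"forbidden character {ch!r}")
    parts = urlsplit(inner)
    if parts.scheme.lower() not in ALLOWED_INNER or not parts.hostname:
        raise ValueError("inner URL must be http(s) with a host")
    return inner


def is_accepted(raw: str) -> bool:
    """True when the handler would act on this URL."""
    try:
        validate_handler_url(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, as another program might pass them on.
    samples = sys.argv[1:] or [
        "exampleapp:https://example.com/page?a=1&b=2",
        'exampleapp:https://example.com/" -flag "x',
        "exampleapp:file:///C:/x",
    ]
    for s in samples:
        print("accept" if is_accepted(s) else "reject", repr(s))
```
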