back to article Making open-source browsing safe for the masses

It's been an eventful month for Window Snyder. As chief security something or other at Mozilla, Snyder has shepherded two updates that fixed critical vulnerabilities in the way the browser handles uniform resource identifiers. The most recent patch punctuated several weeks of debate over exactly who owned the vulnerability. …

COMMENTS

This topic is closed for new posts.

Well!

"It's a problem on both sides."

Thank you and goodnight.

0
0
Anonymous Coward

"It's a problem on both sides."

True, but one side has fixed it. The other is pretending it doesn't exist.

0
0

It's a feature, not a problem.

is Microsoft's usual reply.

0
0

Other platforms

OS X. Does Safari get passed this "malcious code" and is there a know (KNOWN) exploit for it?

Linux. Plenty of other browsers. Same question.

0
0

It was always a Firefox problem

The problem was that Firefox registers the 'firefoxurl:' URL scheme and failed to validate the data they were getting through it. That they are not validating the data is what makes it a Firefox problem.

They are using the same mechanism that Real Player uses to register 'rtsp:', Media Player to register 'mms:', Steam to register 'steam:', your mail program uses to register 'mailto:', and your browser uses to register 'http:' and 'https:'.

With the variety of url schemes supported, it's hardly reasonable to assume Microsoft can really validate each type.

0
0
This topic is closed for new posts.

Forums