Full Disclosure mailing list archives
Re: Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 10 Mar 2004 23:55:23 +0100
Gary Flynn wrote:
Wow. A GNU/Linux distributor who finally releases a security update for Mozilla. Isn't this a first? There is a list of published issues at:I'm glad you said "published" instead of "known". :)
That was quite deliberate. 8-) There are quite a few security bugs which have been classified in accordance with the Mozilla Security Policy: <http://www.mozilla.org/projects/security/security-bugs-policy.html> Note that the list you've seen doesn't include bugs which were fixed in 1.6 (Sandblad #13, but the 1.6 release notes suggest that there are more).
What I'd like to see personally is a right-click "temporarily disable/enable risky functionality for this site" option
There's a Mozilla plugin for a toolbar which offers exactly this functionality (switch on/off Java, JavaScript, Proxy, Images by a single mouse click). However, I stopped using it when the nastiest aspect of JavaScript (pop-up ads) suddenly became a non-issue. 8-> -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com, libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, wanadoo.fr, yahoo.com. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Mandrake Linux Security Team (Mar 10)
- Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Florian Weimer (Mar 10)
- Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Gary Flynn (Mar 10)
- Re: Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Florian Weimer (Mar 10)
- Re: Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Nick FitzGerald (Mar 11)
- Re: Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Valdis . Kletnieks (Mar 11)
- Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Vincent Danen (Mar 10)
- Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Gary Flynn (Mar 10)
- Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Florian Weimer (Mar 10)