lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040310225523.GA20493@deneb.enyo.de>
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities

Gary Flynn wrote:

> >Wow.  A GNU/Linux distributor who finally releases a security update for
> >Mozilla.  Isn't this a first?
> >
> >There is a list of published issues at:
> 
> I'm glad you said "published" instead of "known". :)

That was quite deliberate. 8-)

There are quite a few security bugs which have been classified in
accordance with the Mozilla Security Policy:

<http://www.mozilla.org/projects/security/security-bugs-policy.html>

Note that the list you've seen doesn't include bugs which were fixed in
1.6 (Sandblad #13, but the 1.6 release notes suggest that there are more).

> What I'd like to see personally is a right-click "temporarily
> disable/enable risky functionality for this site" option

There's a Mozilla plugin for a toolbar which offers exactly this
functionality (switch on/off Java, JavaScript, Proxy, Images by a single
mouse click).

However, I stopped using it when the nastiest aspect of JavaScript
(pop-up ads) suddenly became a non-issue. 8->

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.


Powered by blists - more mailing lists