| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040310225523.GA20493@deneb.enyo.de> From: fw at deneb.enyo.de (Florian Weimer) Subject: Browser security was Re: MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities Gary Flynn wrote: > >Wow. A GNU/Linux distributor who finally releases a security update for > >Mozilla. Isn't this a first? > > > >There is a list of published issues at: > > I'm glad you said "published" instead of "known". :) That was quite deliberate. 8-) There are quite a few security bugs which have been classified in accordance with the Mozilla Security Policy: <http://www.mozilla.org/projects/security/security-bugs-policy.html> Note that the list you've seen doesn't include bugs which were fixed in 1.6 (Sandblad #13, but the 1.6 release notes suggest that there are more). > What I'd like to see personally is a right-click "temporarily > disable/enable risky functionality for this site" option There's a Mozilla plugin for a toolbar which offers exactly this functionality (switch on/off Java, JavaScript, Proxy, Images by a single mouse click). However, I stopped using it when the nastiest aspect of JavaScript (pop-up ads) suddenly became a non-issue. 8-> -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com, libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, wanadoo.fr, yahoo.com.
Powered by blists - more mailing lists