Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> On Sun, 01 Oct 2006 11:34:37 +0100, Roy Schestowitz wrote:
>
>>| "Mozilla can turn around on a dime," Levy said. "Open-source programmers
>>| can recognize a problem and patch it in days or weeks."
>
> Oh, that's such bullshit. Let's look at the security vulnerabilities in
> firefox that were patched with 1.5.0.7 on September 14th.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=346090
>
> According to the CVE:
>
> Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird
> before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause
> a denial of service (crash) and possibly execute arbitrary code via a
> JavaScript regular expression with a "minimal quantifier."
>
Wow, that sounds pretty serious. And meaningful. To the zero linux
users around here that run firefox as root.
-----yttrx
--
http://www.yttrx.net