ChuckB writes “The Mozilla Foundation has issued a security warning about a problem affecting Mozilla, FireFox, and Thunderbird on the Windows platforms. You are advised to apply the patch or upgrade to the newest versions of the affected software.
<editorial>I keep WinXP machines at my home, my in-laws’ home, and my desk at work patched. I have applied many fixes from Microsoft for IE and related products. This is the first time I recall having to remedy a security problem with Mozilla.</editorial>”
And it sounds a bit less extreme…
While being able to drop into DOS is a pretty hefty issue, at least it’s not like almost every single MS patch. Almost every patch I install for XP fixes a vulnerablity where a user could gain full control of my computer. I’ve yet to come across a patch where a cracker might delete files, or insert code, or steal data only. Nope, every single patch I can remember fixes it so someone can’t completely hijack and rape my computer.
You’d think Microsoft would get the hang of this and find those holes and fill them. But nope, first they gotta figure out if it’s a real threat, then they decide whether they actually patch it or go with “security through ignorance,” and then they’ll send out the patch, and unless you have a proper copy of XP, you might not get the patch. While I agree piracy is wrong, it’s an unabashed fact that it exists. Leaving computers unpatched to spread worms, DDOS attacks, and the like simply because you don’t like pirates is tantamount to saying it’s okay to leave my keys and gun in my car; after all it’s my car and my gun. People shouldn’t steal them and wreck havok with them should they? After all they’re mine and I paid for them.
Doesn’t mean that you shouldn’t feel responsible for it
I’ve said it before…
Microsoft succeeded with IE to integrate the browser with the operating system, and eliminate the competition. Steve Ballmer recently said that Microsoft has a security “perception” problem, as opposed to a security problem. Unless they figure out how to decouple the browser from the OS, every security flaw with IE will have the vulnerability of taking over your computer. Be afraid.
Thanks for posting the security bulletin!
I went to mozilla.org and typed “firefox patch” into search engine and didn’t see this update. I went to the main firefox page and couldn’t find the patch.
Sometimes you just have to ask a(nother) librarian!