Nate wrote:
On Tue, 15 Mar 2005 10:51:26 -0500, Allen Farley <[EMAIL PROTECTED]> wrote:
From the article:
The weakness has been confirmed in version 1.0.1. Other versions may
also be affected.
I also tested the sample code with FF 1.0.1, and they are right.
It's not unusual for me to save a zip (because I want to keep a copy), and then right-away click "Open" when it's finished downloading. Now I know that could be a recipe for disaster, if I were not to notice the change in filename. So thanks for posting the alert.
I suppose it's too-good-to-be-true that there is an email alert service for these exploits? One that covers only FF, not every thing under the sun?
...and it occurs to me yet once again, that one big reason for the proliferation of spam, spyware, viruses and on and on ad nauseum is that the bad guys hardly ever suffer any punishment. It's like burglars being allowed to try as many doors as they want to.
In the too-good-to-be-true category, would a webpage do as a stop-gap measure? http://secunia.com/product/4227/ There may be other possibilities there as well.
On punishing the bad guys, my suggestions would most likely be considered inhumane for these creatures.
Just figured out, with some help from TB help and FAQ, another alternative in the Too-good-to-be-true category here. Secunia Advisories come also in RSS, others may also have this as well. You can setup a Saved Search Folder on an RSS. Yes it seems to work when I set one up to test on TB 1.0.2
I set it up to look for Thunderbird, Firefox or Mozilla in both the subject and body. You still have the Secunia Advisory RSS folder for the subscription, but at lease you have an easy way to access only the articles you are wanting.
If you don't like that, you could still use the Secunia Advisory RSS, or which ever you prefer, with a filter! It's kind of interesting all of the possible solutions you have to choose from.
Allen _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
