Linked by Thom Holwerda on Tue 3rd Oct 2006 18:55 UTC, submitted by anonymous
Smile, we've been on candid camera, and we've been caught with our pants down, standing on our heads, with umbrellas between our teeth. "I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code. I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not." Of course it did not take long for black helicopters to arrive. Microsoft has computers, so do the hackers: a link! MS is behind it all!
Permalink for comment 167874
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:
2006-03-13
Perhaps this sorry mess wouldn't have happened if outfits like Cnet hadn't reported it as straight news. Here are some follow-up reports from SecurityFocus and Brian Krebs:
http://www.securityfocus.com/news/11416
http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_...
What emerges from the stories is the joking nature of the talk, that people found it funny, and most did not take it seriously. Mozilla obviously did, it's their job to take stuff like this seriously. Cnet and their ilk, however, have a duty to provide a bit of context.
As a Firefox user, I browse most sites with Javascript disabled via the Noscript extension. Noscript is a vital tool for browsing the Web, as it selectively can unblock scripts per Web page.
https://addons.mozilla.org/firefox/722/
Given the nature of today's Web, it's always a good idea to control tightly how Javascript is used.