OSNews:

OSNews: http://www.osnews.com/story/10208/FireFox_Mobile_Security_News Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 06 Jul 2009 19:36:54 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Yeah... http://osnews.com/thread? http://osnews.com/thread? At least this doesn't work in Opera, this I can tell!
http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/ Tue, 05 Apr 2005 18:42:00 GMT donotreply@osnews.com (Anonymous) Comments Fixed for 1.0.3 (presently RC) http://osnews.com/thread? http://osnews.com/thread? https://bugzilla.mozilla.org/show_bug.cgi?id=288688 Tue, 05 Apr 2005 18:48:00 GMT donotreply@osnews.com (Anonymous) Comments fixed in 1.0.3 http://osnews.com/thread? http://osnews.com/thread? Firefox 1.0.3 which is released in a few hours fixes this problem (as well as an installer problem for the windows version and a couple of crasher bugs) Tue, 05 Apr 2005 18:49:00 GMT donotreply@osnews.com (Anonymous) Comments Would someone explain.... http://osnews.com/thread? http://osnews.com/thread? In the example it looks like the random memory heap data is only visible locally.

Is it possible for a remote computer to see it, or is this like the 'contents of your c drive' thing some sites used to try to con windows users with? (It just opened a local window listing c:, there was no remote access.) Tue, 05 Apr 2005 19:07:00 GMT donotreply@osnews.com (Anonymous) Comments @human http://osnews.com/thread? http://osnews.com/thread? A site could read the memory and redirect to a page which logs such memory. It could even try to filter out readable strings first. This is a BAD vulnerability. Tue, 05 Apr 2005 19:54:00 GMT donotreply@osnews.com (Anonymous) Comments re: @human http://osnews.com/thread? http://osnews.com/thread? and will be fixed shortly... Tue, 05 Apr 2005 20:44:00 GMT donotreply@osnews.com (Anonymous) Comments I'm sick of OSS security flaws... http://osnews.com/thread? http://osnews.com/thread? Not only is Firefox beginning to show it weaknesses, but Linux has a ton of vulnerabilities. See here:

http://secunia.com/advisories/
http://www.securityfocus.com/bid

I stopped using Linux when I realized it was less secure than Windows. Tue, 05 Apr 2005 20:53:00 GMT donotreply@osnews.com (Anonymous) Comments RE: I'm sick of OSS security flaws... http://osnews.com/thread? http://osnews.com/thread? That seems a little premeture.

Out of the contents of the first page that you posted, the only one that could possibly effect me was the firefox one, and that appears to be fixed. The rest were for software I don't use. (I'm the only 'local' user on my computer.)

On the second link, it was a mix of Windows and AIX and all kinds of weird webservery stuff.

I don't consider myself a computer expert, but I think people should ask themselves - 'What is MY experience with this OS?.' rather than 'What did I read today on the internet?'. Tue, 05 Apr 2005 21:18:00 GMT donotreply@osnews.com (Anonymous) Comments @Dr.BooBooGone http://osnews.com/thread? http://osnews.com/thread? I stopped using Linux when I realized it was less secure than Windows.

Ah, so you switched to FreeBSD, then? Tue, 05 Apr 2005 21:21:00 GMT donotreply@osnews.com (Anonymous) Comments re:I'm sick of OSS security flaws.. http://osnews.com/thread? http://osnews.com/thread? Not only is Firefox beginning to show it weaknesses, but Linux has a ton of vulnerabilities. See here:

http://secunia.com/advisories/
http://www.securityfocus.com/bid

I stopped using Linux when I realized it was less secure than Windows.

Ok Bill G. time to go play somewhere else. Can we say troll? Tue, 05 Apr 2005 21:48:00 GMT donotreply@osnews.com (Anonymous) Comments @historyb http://osnews.com/thread? http://osnews.com/thread? Actually, if you look at securityfocus, the Linux kernel alone has somewhere around 23 vulnerabilities in the last week. Some advisories have multiple, so you have to view them to see how mean those have. Tue, 05 Apr 2005 21:58:00 GMT donotreply@osnews.com (Anonymous) Comments OSS security audit by millions of opensource developers reviewing sources 24/7 http://osnews.com/thread? http://osnews.com/thread? Fixed on trunk, AVIARY_1_0_1_20050124_BRANCH, and MOZILLA_1_7_BRANCH.
Thanks for the report, I hope that's the last bug from 1997 left ;-). Tue, 05 Apr 2005 22:53:00 GMT donotreply@osnews.com (Anonymous) Comments huh?!? http://osnews.com/thread? http://osnews.com/thread? every time i post it goes missing what gives? Tue, 05 Apr 2005 23:09:00 GMT donotreply@osnews.com (Anonymous) Comments I wonder why... http://osnews.com/thread? http://osnews.com/thread? ...post from Dr.BooBooGone has been moderated down. Moreover, he posted a couple of useful links. His post didn't look offensive in any way nor it looked like a trolling post.

Or should we ALL agree that Linux is more secure than anything which has been created before? Wed, 06 Apr 2005 00:11:00 GMT donotreply@osnews.com (Anonymous) Comments @The Bitland Prince http://osnews.com/thread? http://osnews.com/thread? You only have to look at the OSNews editor profiles to figure out why. All state OSS as an interest but very few (one from memory) says he has experience with Windows Wed, 06 Apr 2005 00:18:00 GMT donotreply@osnews.com (Anonymous) Comments @vcv: http://osnews.com/thread? http://osnews.com/thread? Sure, now go look at Security Focus's page for Microsoft, it's just the same. What do we learn from this? A standard install of either Windows or Linux is going to be basically completely vulnerable to local DoS and privilege escalation (which make up a good 90% of the vulnerabilities listed for each, by a casual eyeball), therefore, very important security concept - don't allow remote login (*definitely* not a shell), use strong passwords, don't allow untrusted users. Yes, that's earth-shatteringly new information!

If you're going to run a system with multiple local users who need to be properly secured, you're going to need to do some _heavy_ security work, no matter what OS you run. If you're not going to run such a system, a lot of the vulnerabilities listed for both products are not going to affect you. Wed, 06 Apr 2005 02:00:00 GMT donotreply@osnews.com (Anonymous) Comments Nightly 1.0.3 http://osnews.com/thread? http://osnews.com/thread? Any nightly build from mozilla has no problems with this leak. Wed, 06 Apr 2005 03:44:00 GMT donotreply@osnews.com (Anonymous) Comments @AdamW http://osnews.com/thread? http://osnews.com/thread? I agree completely. It was just an attempt to more even the playing field in Windows vs. Linux as far as security goes. Neither has a good track record as far as I'm concerned. Wed, 06 Apr 2005 04:25:00 GMT donotreply@osnews.com (Anonymous) Comments Secunia is danish http://osnews.com/thread? http://osnews.com/thread? Not that its very important, but I was under the impression that Secunia is danish - Or have they been bought up recently?

From their website:

Secunia
Toldbodgade 37B
1253 Copenhagen K
Denmark Wed, 06 Apr 2005 06:46:00 GMT donotreply@osnews.com (Anonymous) Comments