Language Selection

English French German Italian Portuguese Spanish

Mozilla disputes Firefox flaws

Filed under

Mozilla's security chief Tuesday panned a pair of Firefox bugs revealed Monday as low-level threats but hours later changed her mind and said that when used together, they could pose a greater risk.

The researcher who disclosed the vulnerabilities agreed with her. Mostly.
Michal Zalewski, who regularly publishes browser flaw findings, on Monday posted details on the Full-disclosure mailing list about four browser vulnerabilities, including two affecting Firefox. He categorized one as a "major" threat, and he saw the other as only a "medium" threat.

In an entry on the Mozilla security blog -- which debuted last week -- Window Snyder, the company's chief security officer, said the more serious of the two bugs found by Zalewski was no more than a spoofing vulnerability and deserved only a "low" rating.

More Here.

Also: AllPeers Reaches Agreement to Offer Mozilla Firefox with AllPeers Bundle

More in Tux Machines

KDE Plasma 5.5

  • KDE Plasma 5.5 Windows 8 Metro-Inspired Theme Looks Interesting
    KDE developer Kai Uwe has just published a lengthy article where he talks about developing a Windows 8-inspired theme for the upcoming KDE Plasma 5.5 desktop environment.
  • KDE Developer Working On Windows 8 Inspired Look
    Kai Uwe has been working on some experimental hacks to resemble Windows 8, although Microsoft's default interface has changed with Windows 10. He's calling this work "U-Bahn" (the German equivalent of a Metro subsystem system) in reference to Microsoft at the time calling it Metro. This was just some brief hacking and he's not planning to see this U-Bahn project through to the end.
  • Pursuing Awesomeness
    While applets can be installed through “Get Hot New Stuff” and distribution repositories, there’s also the classic .plasmoid file. A feature suggested by one of my colleagues – fresh KDE Plasma user – was to drag .plasmoid files onto the desktop or panel and have them installed. After Marco Martin implemented the neccessary KPackage plumbing this is now possible.

Security Leftovers

Leftovers: Gaming

Debian's APT 1.1 Accepted Into Unstable

It's been over a year and a half since APT 1.0 was released by the Debian development community while today APT 1.1 has reached the unstable community. Read more