On Tue, 15 Mar 2005 10:51:26 -0500, Allen Farley <[EMAIL PROTECTED]> wrote:
From the article:
The weakness has been confirmed in version 1.0.1. Other versions may
also be affected.
I also tested the sample code with FF 1.0.1, and they are right.
It's not unusual for me to save a zip (because I want to keep a copy), and then right-away click "Open" when it's finished downloading. Now I know that could be a recipe for disaster, if I were not to notice the change in filename. So thanks for posting the alert.
I suppose it's too-good-to-be-true that there is an email alert service for these exploits? One that covers only FF, not every thing under the sun?
...and it occurs to me yet once again, that one big reason for the proliferation of spam, spyware, viruses and on and on ad nauseum is that the bad guys hardly ever suffer any punishment. It's like burglars being allowed to try as many doors as they want to.
In the too-good-to-be-true category, would a webpage do as a stop-gap measure? http://secunia.com/product/4227/ There may be other possibilities there as well.
On punishing the bad guys, my suggestions would most likely be considered inhumane for these creatures.
Allen _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
