Lab Notes

Musings on Wi-Fi security issues, our product plans, and the general state of the world. Follow up with your comments and complaints to Lab Notes's .

Writing Secure Web Browsers Is Hard, Part XVIII

There's a new exploit in Firefox that allows arbitrary code execution by simply having a user click on a URL in a web page. Fortunately, it's an easy fix and there should be a patch available very shortly.It's yet another browser bug, but what really caught my eye was the cryptic sentence:
However, in an example of the uneasy alliance between security researchers and software makers, he decided to publicly disclose the flaw after a run-in with Mozilla staff, he said.
I'm curious as to what exactly happened. A lot of developers are very sensitive about their code, and get angry when you point out its flaws (which it invariably has, but that's another story). Personally, I get embarrassed about my own bugs, and when a user reports one, I'm apologetic to the point of obsequiousness.
By Periodik Labs on September 9, 2005 9:49 AM |

Search

Recent Entries

Mac OS X 10.5.1
Elektron and Leopard
Elektron 2.0.1755
AirPort Base Station Update 2007-002
AirPort Extreme Update 2007-004
New Elektron Release: 2.0.1744
PARC: Wi-Fi PKI Usability Stinks
A Real iPhone Exploit?
Duke: iPhones Don't Actually Attack
When iPhones Attack

Monthly Archives

November 2007 (1)
October 2007 (1)
September 2007 (1)
August 2007 (1)
July 2007 (8)
June 2007 (16)
November 2005 (8)
October 2005 (13)
September 2005 (22)
August 2005 (23)
July 2005 (21)
June 2005 (26)
May 2005 (23)
April 2005 (23)
March 2005 (25)
February 2005 (23)
January 2005 (29)
December 2004 (32)
November 2004 (32)





Subscribe to Lab Notes