Categories
Mozilla

Firefox growth “not inherently sustainable”

From ZDNet:

The Mozilla Foundation’s Firefox browser got off to an incredible start since its release in early November 2004, but growth is driven by factors that are not inherently sustainable….

Say it ain’t so! It’s time to make the world realize the past few months are nothing compared to what Firefox is capable of.

Spread on!

Categories
Mozilla Security

IDN Security Hole

An interesting observation regarding yesterday’s security bug. I did this using 1.0+.

Here’s what it looks like when the exploit is presented:
[Image: Exploit: example]

Now look at the title bar when you “view source”:
[Image: Exploit: view Source]

Is this a temporary way to validate the authenticity of the website?
I have no clue. I’m just reporting my observations.

Categories
Mozilla

mozPod Status Update

I’ve promised mozPod for some time, well it’s getting close to a 0.1 release, just a few more things I want to do. Some cool things in the past few days:

  • Supports most fields, so you’ll get lots of info on your iPod. iPod doesn’t support everything Mozilla does, so we can’t get it all, but we do a great job anyway.
  • Sync isn’t complete, but it’s not bad, pretty quick for most reasonable Address Books
  • Should feature an exclusive Asa Dotzler sync icon (or so he promised). I had the option of using an unpublished Picasso, but I declined instead choosing a Dotzler.

It’s not done yet, but we’re starting to look usable, and that’s a good thing 😀

Update [12-26-2005]: It’s out, and available here.

Categories
Mozilla

Back to the drawing board

Don’t ask me how I came upon this, I was just casually link hopping, as we all do, and stumbled upon one of the semi-forgotten artifacts of Mozilla Heritage.

I’m sure some who haven’t stumbled upon this before will enjoy some of Ben Goodger’s work from days of old. Of particular note is “addins”, described as “details about proposed addins plan. Superseded by XPInstall and overlays.” Includes some hand drawn diagrams.

I remember way back when releases were milestones… and buggy as heck on Mac OS Classic. Good times.

This concludes the lesson in Mozilla History 101.

Categories
Funny Mozilla Security

Mozilla Security Hole: Household Emergent Behavior Vulnerability

I sent the following to the security list at 4:02 PM EST. I rate it a “critical” security vulnerability due to the harm it can inflict. This vulnerability is found in all Mozilla products to date (including nightlies).

Overview
Apparently Firefox has been making sexual advances towards Roombas (as seen on Slashdot 02/05/2005), causing them to lock themselves in rooms in order to avoid being molested by the otherwise innocent looking Mozilla Products. Similar problems have been reported with other electronic devices: Toasters, VCRs, Cell Phones, Alarm Clocks, Rosie the maid from the Jetsons, Johnny 5, R2D2, and Al Gore. I suspect people with pacemakers may be at risk, but I have yet to find any direct evidence or testimony.

Analysis
The vulnerability seems to be in nsISEXUALadvance, though libPr0n may also be problematic. There are actually 3 distinct problems with nsISEXUALadvance:

  • Doesn’t check to see if object.sexualDesire is of the same platform type
  • Doesn’t check to see if object.sexualDesire is >= age Of Consent
  • Doesn’t check to see if object.sexualAdvanceCount <= 1

I have yet to find if libPr0n has any influence on this bug. There is some research that suggests it may influence this behavior, though some ideological bias may be influencing that conclusion.

Products Affected
This vulnerability affects all Mozilla products tested.

Recommendation
I’d suggest this block Firefox 1.1, as well as Mozilla 1.8b until it’s resolved.

Provided and/or discovered by:
Robert Accettura Feb 5, 2005

Etc.:
This fulfills a statement that I gave Asa over IRC that I could beat some of the other goofy stuff that comes in to security@mozilla.org.

Categories
Apple

Qualified for a Mini Mac!

[Image: mac mini qualified!]

Well, after the success with Free iPods, I went for a free Mac Mini, because as we all know, I’m obsessed with Apple products. So I guess I’m on my way to mini-ownership. And I’m a proud parent-to-be. Time to find some desk space, an LCD display, and perhaps a KVM switch… once I figure out how/where to set up.

Oh Joy!!!!!

Categories
Internet

Rojo Invite

Seems like I’m not the only one to resort to begging today. I’d love a Rojo invite. So if someone can help me out, I’d appreciate it.

Edit: 02/09/2005 – Asa hooked me up

Categories
Apple Mozilla

mozPod Status Update

I mentioned a little while ago that I was working on mozPod, to bring iPod sync to Mozilla products. I stopped for a while because I don’t have USB 2 on my laptop, and that makes hooking an iPod up really really bad. In fact, it’s pretty much been sitting in a box since November (yea, that’s bad). Well I ordered a USB 2 Card for my laptop the other day. It shipped, so I should get it in a few days. But it will be another few days until I get a protective case for my iPod, so I won’t be taking it with me, so I’ll only be doing a tiny bit of hacking.

Oh yea, the reporter tool has been consuming a ton of the time I devote to open source work. So as that starts to slow down a bit, mozPod gets a little more time.

Now if anyone wants to write some synchronization code, feel free to do so. 😉

Update [12-26-2005]: It’s out, and available here.

Categories
Open Source

Legal Center for Open Source Projects

These guys are heroes. The fact that they are needed sucks. It’s good to see someone preparing to take on what will be a more and more essential task as some of the corporations feel threatened by open source.