Mozilla Security

False Alarm, Go Back To Bed

The other night I was reading about this new security flaw, and for some reason I couldn’t figure out why it was a security flaw. Why couldn’t you just download Firefox and open the file yourself? I presumed I was just tired, and went to bed.

Ends up I wasn’t the only one who didn’t think it was a vulnerability. Mike Shaver has more info on it. If someone wanted to get that information, they don’t need to get people to visit a hacked server. They can just download Firefox and open the file itself. No big deal.

Theoretically a custom enterprise build made by a company for use on it’s network could be modified, but I doubt it. Even if it was, it wouldn’t really contain anything very useful.

Always take things posted on a tech site with a grain of salt, unless they are confirmed by multiple experts. Slashdot ran the story a little premature.

1 reply on “False Alarm, Go Back To Bed”

The only vaguely interesting file I see in my minefield directory is install.log. This gives me the directory where firefox is installed and when it was installed, but not much else of interest.

IMO It’s still a *potential* vulnerability, albeit a very low-risk one. I for one don’t expect to be rushed for such a bug.

Leave a Reply

Your email address will not be published. Required fields are marked *