False Alarm, Go Back To Bed

The other night I was reading about this new security flaw, and for some reason I couldn’t figure out why it was a security flaw. Why couldn’t you just download Firefox and open the file yourself? I presumed I was just tired, and went to bed.

Ends up I wasn’t the only one who didn’t think it was a vulnerability. Mike Shaver has more info on it. If someone wanted to get that information, they don’t need to get people to visit a hacked server. They can just download Firefox and open the file itself. No big deal.

Theoretically a custom enterprise build made by a company for use on it’s network could be modified, but I doubt it. Even if it was, it wouldn’t really contain anything very useful.

Always take things posted on a tech site with a grain of salt, unless they are confirmed by multiple experts. Slashdot ran the story a little premature.

Tags: , , , ,

Related Posts

Related Posts


One Response to “False Alarm, Go Back To Bed”

  1. Lee says:

    The only vaguely interesting file I see in my minefield directory is install.log. This gives me the directory where firefox is installed and when it was installed, but not much else of interest.

    IMO It’s still a *potential* vulnerability, albeit a very low-risk one. I for one don’t expect 2.0.0.13 to be rushed for such a bug.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

By submitting a comment here you grant this site a perpetual license to reproduce your words and name/web site in attribution.