echo: nthelp
to: Glenn Meadows
from: Chris
date: 2005-01-10 10:52:42
subject: Re: Exploit code released on the web

From: Chris 

I never said Firefox was perfect.  Just highlighting the huge insecurity of
IE.  =)   And, for the Internet Explorer Command Execution
Vulnerability, Firefox IS immune to that one. :)

Anyhow, I consider Firefox to be a better, more secure browser overall, but
nothing is totally secure, except staying home in bed hiding under the
covers from the sunshine. ;)

/Chris


Glenn Meadows wrote:
> Firefox has its own issues that are coming to light, it's not a smooth
> piece of cake either...see below:
>
> http://www.theregister.co.uk/2005/01/07/mozilla_flaws/
>
> Mozilla and Firefox flaws exposed
> By John Leyden
> Published Friday 7th January 2005 12:14 GMT
> Mozilla and Firefox users were warned of a number of potentially troublesome
> security vulnerabilities this week.
>
> The most serious flaw involves a buffer overflow bug in the way Mozilla
> processes the NNTP (news) protocol. The bug creates a means for hackers to
> inject hostile code into vulnerable systems, providing they trick users into
> executing maliciously constructed news server links. All versions of Mozilla
> prior to 1.7.5 are affected. Firefox users are advised to make sure they are
> running version 1.0 to minimise any risk. The flaw was discovered by Maurycy
> Prodeus of Polish firm iSEC Security Research.
>
> Next up, Secunia has discovered a flaw that creates a means to spoof the
> source displayed in Firefox's download dialog box. The vulnerability has
> been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and
> Mozilla Firefox 1.0. Other versions may also be affected, Secunia warns. It
> advises Firefox users to avoid download links from untrusted sources pending
> the availability of patches from the Mozilla project.
>
> Finally, there's a less serious problem affecting Firefox and its email
> client Thunderbird. Security researchers have found that temporary files are
> stored by the popular packages in a format that makes it possible for snoops
> to read the content of downloads and attachments of other users on the same
> machine.
>
> An overview of these flaws and suggested workarounds can be found here.
>
> ---------------------------------
>
> The best remedy is not to surf the net.....LOL....
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com