echo: nthelp
to: Chris
from: Glenn Meadows
date: 2005-01-10 12:36:44
subject: Re: Exploit code released on the web

From: "Glenn Meadows" 

Firefox has its own issues that are coming to light, it's not a smooth
piece of cake either...see below:

http://www.theregister.co.uk/2005/01/07/mozilla_flaws/

Mozilla and Firefox flaws exposed
By John Leyden
Published Friday 7th January 2005 12:14 GMT

Mozilla and Firefox users were warned of a number of potentially troublesome
security vulnerabilities this week.

The most serious flaw involves a buffer overflow bug in the way Mozilla
processes the NNTP (news) protocol. The bug creates a means for hackers to
inject hostile code into vulnerable systems, providing they trick users
into executing maliciously constructed news server links. All versions of
Mozilla prior to 1.7.5 are affected. Firefox users are advised to make sure
they are running version 1.0 to minimise any risk. The flaw was discovered
by Maurycy Prodeus of Polish firm iSEC Security Research.

Next up, Secunia has discovered a flaw that creates a means to spoof the
source displayed in Firefox's download dialog box. The vulnerability
has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows,
and Mozilla Firefox 1.0. Other versions may also be affected, Secunia
warns. It advises Firefox users to avoid download links from untrusted
sources pending the availability of patches from the Mozilla project.

Finally, there's a less serious problem affecting Firefox and its email
client Thunderbird. Security researchers have found that temporary files
are stored by the popular packages in a format that makes it possible for
snoops to read the content of downloads and attachments of other users on
the same machine.

An overview of these flaws and suggested workarounds can be found here. ®

---------------------------------

The best remedy is not to surf the net.....LOL....

--
Glenn M.


"Chris"  wrote in message
news:41e2c9d9$1{at}w3.nls.net...
> It's amazing... Firefox is immune to this exploit.  And
> WHO says MS is secure?  geez...
>
> /Chris
>
>
> Glenn Meadows wrote:
> > http://www.theregister.co.uk/2005/01/10/ie_sp2_exploit/
> > Exploit code attacks unpatched IE bug
> > By John Leyden
> > Published Monday 10th January 2005 12:08 GMT
> > Code which exploits a vulnerability in the HTML Help control of Internet
> > Explorer has been released onto the net. Secunia has upgraded the
> > vulnerability, uncovered in October 2004, to "extremely critical". Even
> > users who have upgraded to Windows XP SP2 with all available patches are
> > affected, the security reporting firm warns.
> >
> > "The vulnerability can be exploited by malicious people to place and execute
> > arbitrary programs on a client system if a user visits a malicious website.
> > It doesn't require user interaction," Thomas Kristensen, CTO, told El Reg.
> >
> > "The vulnerability was originally discussed as the Drag'n'Drop vulnerability
> > back in October 2004. The new development only utilises flaws in the HTML
> > Help control. Users can only protect themselves by disabling ActiveX support
> > or using another product."
> > Secunia has published an online test for the vulnerability here. ®
> >
> >



--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
