Security threats Toolkit

Story: Think vulnerabilities only happen in IE? Think again

• 
• 

"In fact, troubles for the increasingly popular browser are coming so fast and furious that mozillaZine has reported that a new Firefox release candidate has already replaced the Firefox release candidate 1.0.3, which became available on April 5."
The extra fixes to be included in 1.0.3 fix bug 281988. There have been no security problems found with the code relating to that bug, just the potential for problems.
https://bugzilla.mozilla.org/show_bug.cgi?id=281988

"Be forewarned that this release candidate 1.0.3, and probably the eventual release version as well, is likely to cause problems with a number of extensions."

"Asa Dotzler has announced another set of Mozilla Firefox 1.0.3 release candidates. ***These builds should allow extensions and other features to operate as they did in Firefox 1.0.2 while still including the security improvements wanted by the Mozilla Foundation.***"
http://www.mozillazine.org/talkback.html?article=6369

"Of course, while you can switch to Firefox to avoid the latest IE vulnerability, you'll then have to deal with the new Firefox vulnerability instead—and it appears to be nearly as dangerous."
IE's problem is remote code execution. Firefox's is information disclosure. I don't know about you, but I'd much rather have an attacker be able to read random bits of memory than him be able to run whatever code he likes on my machine.

"All of the Mozilla, Firefox, and Navigator threats appear to involve Java. So, until Mozilla releases a patch, disabling JavaScript will block any attack attempts in the meantime."
Java is not the same Javascript! Perhaps you should let someone who knows the difference write the articles from now on.

• 
• 

• 
• 
• 

Full Talkback thread