Mozilla ve Mozilla Firefox'ta Güvenlik Açığı! ;-)

0
Challenger
Sürekli Internet Explorer' ın güvenlik açıklarından, güvensiz bir web tarayıcısı olduğundan bahsedip, herkese Mozilla kullanmasını tavsiye edip duruyoruz. Peki Mozilla' da hiç mi güvenlik açığı çıkmıyor? Çıkıyor tabi. Ama hemen gideriliyor! Newsforge' da yayınlanan bu yazıda 8 Temmuz' da rapor edilen bir açıktan ve aynı gün içerisinde giderilmesinden bahsediliyor. Bu açık Mozilla aracılığıyla uzaktan kod çalıştırılabilmesine neden oluyor. Ancak, açık sadece Windows NT, 2000 ve XP sistemlerinde etkili oluyor.
Yazıda, Mozilla' da oluşan bir hatanın, Mozilla' nın açık kodlu olması nedeniyle hemen giderildiğini anlatıyor. Micros~1' un her fırsatta dile getirdiği "açık kod güvensizdir" iddiasının ne kadar yanlış olduğu da bu örnekle daha iyi anlaşılabiliyor. Internet Explorer' da ortaya çıkan bir açığa Micros~1 tarafından ancak 7 gün sonra bir yama çıkarılabildiği ve bu 7 gün sonrasında aynı açığın tekrarlandığından bahsediyor ve sonunda şu soruyu soruyor: "Bir topluluğun, Mozilla içerisindeki bir Windows güvenlik zayıflığını keşfetmesi, tartışması ve çözerek yamasını çıkarması için 1 gün, ciddi bir Microsoft' un, bir IE güvenlik açığını yanlış ve sorunlu bir yama ile gidermeye çalışması 7 gün. Şimdi söyleyin bana Bay Ballmer, Bay Gates: Hangi geliştirme modeli daha iyi?"

Mozilla ve Mozilla Firefox güvenlik yaması için: http://ftp.mozilla.org/pub/mozilla.org/mozilla/releases/mozilla1.7.1/shellblock.xpi
Bilgi için: http://www.mozilla.org/security/shell.html

Görüşler

0
bahadirkandemir
"Açık Kaynak kodu sürüm değişikliklerinde uyumluluk garantisi getirmiyor." - Bill Gates

Adam haklı; baksanıza, bir gün önce exploit edebileceğiniz bir yazılım artık birşey yapamıyorsunuz. Geriye uyumluluk nerdeee?
0
FZ
Hakikaten yahu! Yani mesela misal insan incelemek istiyor o açığı, onunla ilgili kodları falan kurcalayıp üç beş zavallı masum üzerinde denemek istiyor falan ama nerdeee, Mozilla ekibi 24 saat içinde gideriyor açığı, el insaf! İnsan biraz bürokratik olur, biraz yavaş olur kardeşim!


Birkaç saat önce okuduğum bir habere göre bazı şirketler tüm bu IE güvenlik problemlerine rağmen IE´den vazgeçebilecek durumda değillermiş, sebep: Kullandıkları Internet/Intranet uygulama web sayfalarındaki bir sürü ActiveX komponenti. Afferim dedim, çok iyi yapmışsınız dedim, böyle devam edin dedim ;-)
0
Challenger
ActiveX için bir de buna bakın:
http://www.iol.ie/~locka/mozilla/mozilla.htm [www.iol.ie]
0
SHiBuMi
Pes doğrusu :) Mozilla'da çıkan güvenlik açığı bile bir anda dönüp dolaşıp Microsoft'a laf sokmaya vesile oluyor :)
0
Challenger
Olur tabi. Açık neden sadece windows' ta çalışıyor?
0
conan
Acik laf sokmaya vesile olmuyor, acigin yamanma yontemi laf sokma nedeni. Gercekler ortada.

Simdi http://securityfocus.com/bid/vendor adresine gidiyorsun, Ilk once Vendor olarak Microsoft seciyorsun, sonra Title olarak Internet Explorer seciyorsun kac tane vakasi var bakiyorsun.

2004-07-08: Microsoft Internet Explorer Self Executing HTML File Vulnerability
2004-07-07: Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass Vulnerability
2004-07-05: Multiple Vendor Internet Browser User Action Prediction/Interception Weakness
2004-07-03: Microsoft Internet Explorer Cross-Domain Frame Loading Vulnerability
2004-07-03: Microsoft Internet Explorer Shell.Application Object Script Execution Weakness
2004-07-02: Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness
2004-06-22: Multiple Browser URI Obfuscation Weakness
2004-06-21: Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability
2004-06-16: Microsoft Internet Explorer HREF Save As Denial of Service Vulnerability
2004-06-15: Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability
2004-06-10: Multiple Microsoft Internet Explorer Script Execution Vulnerabilities
2004-06-07: Microsoft Internet Explorer URL Local Resource Access Weakness
2004-06-04: Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability
2004-05-25: Multiple Vendor URI Protocol Handler Arbitrary File Creation/Modification Vulnerability
2004-05-18: Microsoft Internet Explorer CSS Style Sheet Memory Corruption Vulnerability
2004-05-15: Microsoft Internet Explorer http-equiv Meta Tag Denial of Service Vulnerability
2004-05-14: Microsoft Internet Explorer Codebase Double Backslash Local Zone File Execution Weakness
2004-05-14: Microsoft Internet Explorer Double Backslash CHM File Execution Weakness
2004-05-14: Microsoft Internet Explorer Interface Spoofing Vulnerability
2004-05-11: Microsoft Internet Explorer Unconfirmed Memory Corruption Vulnerability
2004-05-10: Microsoft Internet Explorer XML Parsing Denial Of Service Vulnerability
2004-05-10: Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
2004-04-30: Microsoft Internet Explorer Meta Data Foreign Domain Spoofing Vulnerability
2004-04-17: Microsoft Internet Explorer Object Element Data Denial Of Service Vulnerability
2004-04-12: Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability
2004-04-07: Microsoft Internet Explorer Remote IFRAME Denial Of Service Vulnerability
2004-04-06: Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
2004-04-06: Microsoft Internet Explorer MSWebDVD Object Denial of Service Vulnerability
2004-04-01: Microsoft Internet Explorer HTML Form Status Bar Misrepresentation Vulnerability
2004-03-26: Multiple Vendor Internet Browser Cookie Path Argument Restriction Bypass Vulnerability
2004-03-08: Multiple Vendor HTTP Response Splitting Vulnerability
2004-03-04: Microsoft Internet Explorer Script URL Cross-Domain Access Violation Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Search Pane Cross-Zone Scripting Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Media Bar Cross-Zone Scripting Vulnerability
2004-02-27: Microsoft Internet Explorer Cross-Domain Event Leakage Vulnerability
2004-02-16: Microsoft Internet Explorer Bitmap Processing Integer Overflow Vulnerability
2004-02-11: Microsoft Internet Explorer Unauthorized Clipboard Contents Disclosure Vulnerability
2004-02-10: Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
2004-02-09: Microsoft Internet Explorer LoadPicture File Enumeration Weakness
2004-02-03: Microsoft Internet Explorer NavigateAndFind() Cross-Zone Policy Vulnerability
2004-02-02: Multiple Browser URI Display Obfuscation Weakness
2004-02-02: Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability
2004-02-02: Microsoft Internet Explorer Window.MoveBy/Method Caching Mouse Click Event Hijacking Vulnerability
2004-01-27: Microsoft Internet Explorer CLSID File Extension Misrepresentation Vulnerability
2004-01-02: Microsoft Internet Explorer Malicious Shortcut Self-Executing HTML Vulnerability
2003-12-30: Microsoft Internet Explorer HTTP Referer Information Disclosure Vulnerability
2003-12-30: Microsoft Internet Explorer showHelp CHM File Execution Weakness
2003-12-23: Microsoft Internet Explorer File Download Warning Bypass Vulnerability
2003-11-26: Microsoft Internet Explorer Invalid ContentType Cache Directory Location Disclosure Weakness
2003-11-26: Microsoft Internet Explorer Double Slash Cache Zone Bypass Vulnerability
2003-11-17: Microsoft Internet Explorer ExecCommand Cross-Domain Access Violation Vulnerability
2003-11-17: Microsoft Internet Explorer Function Pointer Override Cross-Domain Access Violation Vulnerability
2003-11-11: Multiple Vendor Invalid X.509 Certificate Chain Vulnerability
2003-11-11: Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability
2003-11-11: Microsoft Internet Explorer DHTML Drag and Drop Local File Saving Vulnerability
2003-11-08: Microsoft Internet Explorer Self Executing HTML Arbitrary Code Execution Vulnerability
2003-11-05: Microsoft Internet Explorer JavaScript Local File Enumeration Vulnerability
2003-11-05: Microsoft Internet Explorer Local Resource Reference Vulnerability
2003-10-22: Microsoft Internet Explorer Scrollbar-Base-Color Partial Denial Of Service Vulnerability
2003-10-09: Microsoft Windows Media Player IE Zone Access Control Bypass Vulnerability
2003-10-09: Microsoft Windows Media Player Automatic File Download and Execution Vulnerability
2003-10-08: Microsoft Internet Explorer XML Page Object Type Validation Vulnerability
2003-10-08: Microsoft Internet Explorer %USERPROFILE% File Execution Weakness
2003-10-04: Microsoft Internet Explorer Absolute Position Block Denial Of Service Vulnerability
2003-10-04: Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability
2003-09-02: Microsoft mshtml.dll Library GIF Image Handling Denial of Service Vulnerability
2003-09-02: Microsoft Internet Explorer Object Type Validation Vulnerability
2003-08-26: Microsoft Internet Explorer BR549.DLL ActiveX Control Buffer Overflow Vulnerability
2003-08-26: Microsoft Internet Explorer Zone Restriction Bypass Script Execution Vulnerability
2003-08-26: Microsoft Internet Explorer OBJECT Tag Buffer Overflow Vulnerability
2003-07-29: Microsoft Internet Explorer CLASSID Denial of Service Vulnerability
2003-07-29: Microsoft Internet Explorer CLASSID Variant Denial Of Service Vulnerability
2003-07-14: Microsoft Internet Explorer window.createPopup Interface Spoofing Vulnerability
2003-07-13: Microsoft Internet Explorer AutoScan Method Browser Security Policy Violation Weakness
2003-07-07: Microsoft Internet Explorer Custom HTTP Error HTML Injection Vulnerability
2003-07-02: Microsoft Internet Explorer Remote URLMON.DLL Buffer Overflow Vulnerability
2003-06-17: Microsoft Internet Explorer MSXML XML File Parsing Cross-Site Scripting Vulnerability
2003-06-04: Microsoft Internet Explorer Classic Mode FTP Client Cross Domain Scripting Vulnerability
2003-06-04: Internet Explorer file:// Request Zone Bypass Vulnerability
2003-05-30: Microsoft Internet Explorer False URL Information Vulnerability
2003-05-27: Microsoft Internet Explorer Malformed JavaScript Denial of Service Vulnerability
2003-05-05: Microsoft Internet Explorer DHTML AnchorClick Partial Denial Of Service Vulnerability
2003-05-02: Microsoft Internet Explorer Plugin.OCX EnableFullPage Input Validation Vulnerability
2003-05-02: Microsoft Internet Explorer Plugin.OCX Load() Method Buffer Overflow Vulnerability
2003-04-23: Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability
2003-04-23: Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability
2003-04-21: Microsoft Internet Explorer Self-Referential Object Denial of Service Vulnerability
2003-03-12: Microsoft Internet Explorer .MHT File Buffer Overflow Vulnerability
2003-02-13: Microsoft Internet Explorer ShowHelp Arbitrary Command Execution Vulnerability
2003-02-13: Microsoft Internet Explorer Dialog Box Cross-Domain Violation Vulnerability
2002-12-26: Microsoft Internet Explorer Multimedia Page Cross-Site Scripting Vulnerability
2002-12-12: Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability
2002-12-04: Multiple Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability
2002-11-29: Microsoft Internet Explorer UserData Insecure Default Configuration Vulnerability
2002-11-22: Microsoft Data Access Components RDS Buffer Overflow Vulnerability
2002-11-21: Microsoft Internet Explorer Object Tag Temporary Internet File Folder Vulnerability
2002-11-21: Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability
2002-11-21: Microsoft Internet Explorer HTML Same Origin Policy Violation Vulnerability
2002-11-21: Microsoft Internet Explorer PNG Buffer Overflow Vulnerability
2002-11-19: Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability
2002-11-06: Microsoft Internet Explorer Document Reference Zone Bypass Vulnerability
2002-10-21: Microsoft Internet Explorer Document.Write() Zone Bypass Vulnerability
2002-10-15: Microsoft Internet Explorer Unauthorized Document Object Model Access Vulnerability
2002-09-23: Microsoft Internet Explorer SSL Certificate Expiration Vulnerability
2002-09-17: Microsoft Internet Explorer URI Handler Restriction Circumvention Vulnerability
2002-09-10: Microsoft Internet Explorer Cascading Style Sheet File Disclosure Vulnerability
2002-09-10: Microsoft Internet Explorer DYNSRC File Information Disclosure Vulnerability
2002-08-27: Microsoft Internet Explorer XMLHTTP File Disclosure Vulnerability
2002-08-26: Microsoft Internet Explorer Dialog Same Origin Policy Bypass Variant Vulnerability
2002-08-26: Microsoft Internet Explorer Legacy Text Formatting ActiveX Component Buffer Overflow Vulnerability
2002-08-23: Microsoft Internet Explorer XML Redirect File Disclosure Vulnerability
2002-08-23: Microsoft Internet Explorer Download Dialogue File Source Obfuscation Vulnerability
2002-08-23: Microsoft Internet Explorer OBJECT Tag Same Origin Policy Violation Vulnerability
2002-08-23: Multiple Microsoft Product Gopher Client Buffer Overflow Vulnerability
2002-08-23: Multiple Microsoft Internet Explorer Vulnerabilities
2002-08-20: Microsoft Internet Explorer Cookie Content Disclosure Vulnerability
2002-08-18: Microsoft Internet Explorer Java Logging Executable Code Vulnerability
2002-08-17: Microsoft Internet Explorer XML Datasource Applet File Disclosure Vulnerability
2002-08-13: Microsoft Internet Explorer File Attachment Script Execution Vulnerability
2002-07-31: Microsoft Office XP/Internet Explorer OWC File Creation Vulnerability
2002-07-29: Multiple Browser Vendor Same Origin Policy Design Error Vulnerability
2002-07-24: Multiple Vendor Web Browser JavaScript Modifier Keypress Event Subversion Vulnerability
2002-06-15: Microsoft Internet Explorer CSSText Bold Font Denial Of Service Vulnerability
2002-06-06: Microsoft Internet Explorer FTP Web View Cross Site Scripting Vulnerability
2002-05-29: Multiple Vendor JavaScript Interpreter Denial Of Service Vulnerability
2002-05-16: Microsoft Internet Explorer Content-Disposition Handling File Execution Vulnerability
2002-05-16: Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability
2002-05-15: Microsoft Internet Explorer Zone Spoofing Vulnerability
2002-05-01: Microsoft Internet Explorer/Outlook Express XBM Handling DoS Vulnerability
2002-04-24: Internet Explorer Recursive JavaScript Event Denial of Service Vulnerability
2002-04-18: Microsoft Internet Explorer History List Script Injection Vulnerability
2002-04-16: Microsoft Internet Explorer Unicode Character Handling DoS Vulnerability
2002-04-09: Microsoft VBScript ActiveX Word Object Denial Of Service Vulnerability
2002-04-09: Microsoft Internet Explorer Arbitrary Program Execution Vulnerability
2002-04-09: Microsoft Internet Explorer Known Local File Script Execution Vulnerability
2002-03-15: Microsoft VBScript Same Origin Policy Violation Vulnerability
2002-02-28: Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vulnerability
2002-02-14: Microsoft IE Same Origin Policy Violation Vulnerability
2002-02-12: Microsoft Internet Explorer MIME Type File Extension Spoofing Vulnerability
2002-02-12: Microsoft Internet Explorer Content-Type Field Arbitrary File Execution Vulnerability
2002-02-12: Microsoft Internet Explorer Forced Script Execution Vulnerability
2002-02-12: Microsoft Internet Explorer GetObject File Disclosure Vulnerability
2002-02-08: Microsoft IE Temporary Internet Files Folder Disclosure Vulnerability
2002-02-07: Multiple Vendor HTML Form Protocol Vulnerability
2002-01-22: Microsoft Internet Explorer Clipboard Reading Vulnerability
2002-01-16: Microsoft Internet Explorer Form Denial of Service Vulnerability
2002-01-16: Microsoft Windows XP Pro Upgrade IE Patch Downgrade Vulnerability
2002-01-07: Microsoft Internet Explorer Modeless Dialog DoS Vulnerability
2002-01-03: Microsoft Internet Explorer Patch Q312461 Existence Vulnerability
2001-12-21: Microsoft Internet Explorer Refresh Denial of Service Vulnerability
2001-12-20: Microsoft Internet Explorer Arbitrary File Execution Vulnerability
2001-12-17: Microsoft Internet Explorer Spoofable File Extensions Vulnerability
2001-12-14: Microsoft Internet Explorer Network Share Authentication Disclosure Vulnerability
2001-12-14: Microsoft Internet Explorer Remote File Viewing Vulnerability
2001-12-13: Multiple Vendor Image Count Denial of Service Vulnerability
2001-12-11: Microsoft Internet Explorer About: URL Zone Spoofing Vulnerability
2001-11-27: Microsoft Internet Explorer Patch Q290108 Vulnerability
2001-11-21: Microsoft Internet Explorer Password Character Determination Vulnerability
2001-11-15: Microsoft Internet Explorer Zone Spoofing Vulnerability
2001-11-15: Microsoft Internet Explorer Cookie Disclosure Vulnerability
2001-11-14: Microsoft Internet Explorer Cookie Disclosure/Modification Vulnerability
2001-10-11: Microsoft IE Telnet Client File Overwrite Vulnerability
2001-10-11: Microsoft Internet Explorer HTTP Request Encoding Vulnerability
2001-09-18: Microsoft IE MIME Header Attachment Execution Vulnerability
2001-08-15: Microsoft Internet Explorer File Disclosure Vulnerability
2001-08-15: Microsoft Internet Explorer Server Certificate Validation Vulnerability
2001-08-15: Microsoft IE SSL Spoofing Vulnerability
2001-08-15: Microsoft MSHTML.DLL Crash Vulnerability
2001-07-31: Multiple Vendor IMG Tag DoS Vulnerability
2001-07-30: Microsoft Internet Explorer Arbitrary HTML File Execution Vulnerability
2001-06-07: Microsoft Internet Explorer File Contents Disclosure Vulnerability
2001-05-17: Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
2001-05-15: Microsoft IE and OE XML Stylesheets Active Scripting Vulnerability
2001-04-18: MS Windows Explorer and Internet Explorer CLSID File Execution Vulnerability
2000-12-13: Microsoft Internet Explorer 'mstask.exe' CPU Consumption Vulnerability
2000-12-01: Microsoft Internet Explorer 'INPUT TYPE=FILE' Vulnerability
2000-12-01: Microsoft Internet Explorer 5.5 Print Template ActiveX Vulnerability
2000-11-23: Microsoft Internet Explorer 5.5 Index.dat Vulnerability
2000-10-24: Sun Compromised Browser Certificates Vulnerability
2000-10-12: Microsoft Internet Explorer Cached Web Credentials Disclosure Vulnerability
2000-09-04: Microsoft Internet Explorer Navigate Function Cross Frame Access Vulnerability
2000-08-10: Microsoft Internet Explorer Scriptlet Rendering Vulnerability
2000-07-14: Microsoft Internet Explorer 5.01 / 5.5 DHTMLED and IFRAME File Read Vulnerability
2000-06-27: Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
2000-06-27: Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
2000-06-24: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
2000-06-06: Microsoft IE NavigateComplete2 Cross Frame Access Vulnerability
2000-06-05: Microsoft IE SSL Certificates Vulnerability
2000-05-17: MS IE ActiveX Combined Component Attributes Vulnerability
2000-05-11: Microsoft IE Cookie Disclosure Vulnerability
2000-04-19: MS IE 5.01 JSObject Cross-Frame Vulnerability
2000-03-01: MS IE HTML Help Shortcut Vulnerability
2000-02-19: Microsoft Signed ActiveX Active Setup Vulnerability
2000-01-07: Microsoft Internet Explorer Security Zone Settings Lag Vulnerability
1999-12-22: Microsoft IE external.NavigateAndFind() Cross-Frame Vulnerability
1999-12-06: Microsoft IE5 vnd.ms.radio URL Vulnerability
1999-12-02: Microsoft IE5 WPAD Spoofing Vulnerability
1999-11-30: Internet Explorer Subframe Spoofing Vulnerability
1999-11-29: Microsoft IE5 Offline Browsing Pack Task Scheduler Vulnerability
1999-11-22: Microsoft IE5 XML HTTP Redirect Vulnerability
1999-11-14: Microsoft Windows Media Player ActiveX Error Message Vulnerability
1999-11-08: Microsoft ActiveX CAB File Execution Vulnerability
1999-11-04: Microsoft IE window.open Redirect Vulnerability
1999-10-18: Microsoft IE5 Javascript URL Redirection Vulnerability
1999-10-11: Microsoft IE5 IFRAME Vulnerability
1999-09-27: Microsoft IE Setupctl ActiveX Control Buffer Overflow Vulnerability
1999-09-27: Microsoft hhopen OLE Control Buffer Overflow Vulnerability
1999-09-27: Microsoft IE Registration Wizard Buffer Overflow Vulnerability
1999-09-27: Microsoft IE5 Download Behavior Vulnerability
1999-09-13: Hotmail Javascript STYLE Vulnerability
1999-09-10: Microsoft IE Import/Export Favorites Vulnerability
1999-08-27: Microsoft HTML Form Control DoS Vulnerability
1999-08-25: Microsoft IE Virtual Machine Sandbox Vulnerability
1999-08-25: NT IE5 FTP Password Storage Vulnerability
1999-08-21: Microsoft IE5 ActiveX "Object for constructing type libraries for scriptlets" Vulnerability
1999-08-21: Microsoft IE5 ActiveX "Eyedog" Vulnerability
1999-06-01: Microsoft Internet Explorer EMBED Vulnerability
1999-06-01: DHTML Edit ActiveX Control File Stealing and Cross Frame Access Vulnerability
1999-06-01: Microsoft IE Scriptlet Component Vulnerability
1999-06-01: Microsoft Internet Explorer 5 Favicon Buffer Overflow Vulnerability
1999-06-01: Auto-execution Of VBA code Vulnerability
1999-06-01: Microsoft Internet Explorer Invalid Byte Cross-Frame Access Vulnerability
1999-06-01: Microsoft IE4 Clipboard Paste Vulnerability
1999-06-01: Multiple Vendor Browser Bookmark JavaScript Vulnerability
1999-06-01: Microsoft IE Legacy ActiveX Control Vulnerability
1999-06-01: Microsoft Internet Explorer 3.01 Remote .lnk/.url Vulnerability
1900-01-01: Microsoft Internet Explorer Directory Disclosure Vulnerability

Sonra aynisini Mozilla, Browser seklinde seciyorsun.
2004-07-09: Mozilla External Protocol Handler Weakness
2004-07-05: Multiple Vendor Internet Browser User Action Prediction/Interception Weakness
2004-06-14: Mozilla Browser URI Obfuscation Weakness
2004-05-26: Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability
2004-05-26: Mozilla Browser Cookie Path Restriction Bypass Vulnerability
2004-04-15: Mozilla Messenger Remote Denial Of Service Vulnerability
2004-03-10: Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution Vulnerability
2004-03-10: Mozilla Browser Proxy Server Authentication Credential Disclosure Vulnerability
2004-02-02: Multiple Browser URI Display Obfuscation Weakness
2004-01-20: Mozilla Browser Cross Domain Violation Vulnerability
2003-12-31: Mozilla MailNews Client E-Mail Attachment Script Execution Vulnerability
2003-12-31: Mozilla Firebird Browser markLinkVisited Arbitrary Script Code Execution Vulnerability
2003-12-31: Mozilla Browser Custom Getter/Setter Objects Same Origin Policy Violation Vulnerability
2003-12-31: Mozilla Browser Scope Cross-Domain Function Or Variable Disclosure Vulnerability
2003-12-31: Mozilla Browser Default HTA Handling Weakness
2003-12-31: Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability
2003-12-11: Mozilla Browser URI MouseOver Obfuscation Weakness
2003-11-26: Mozilla Chatzilla IRC URI Handler Memory Corruption Vulnerability
2003-11-13: Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
2003-09-08: Multiple Vendor Web Browser LiveConnect JavaScript Denial Of Service Vulnerability
2003-06-07: Multiple Browser Timed Document.Write Method Cross Domain Policy Vulnerability
2003-06-03: Multiple Vendor Algorithmic Complexity Denial of Service Vulnerability
2003-06-01: Multiple IMAP Client Integer Overflow Vulnerabilities
2003-02-25: Netscape Style Sheet Denial Of Service Vulnerability
2003-02-13: Mozilla XMLSerializer Same Origin Policy Violation Vulnerability
2003-02-13: Mozilla Space Key XPI Installation Vulnerability
2003-02-13: Mozilla document.open() Memory Corruption Denial of Service Vulnerability
2003-02-13: Mozilla Browser HTTP/HTTPS Redirection Weakness
2003-02-13: Mozilla OnUnload Referer Information Leakage Vulnerability
2003-02-13: Multiple Browser Zero Width GIF Image Memory Corruption Vulnerability
2002-11-29: Mozilla Browser Large HTTP Header Buffer Overflow Vulnerability
2002-11-29: Netscape/Mozilla Javascript Array Object Heap Corruption Vulnerability
2002-11-29: Mozilla Netscape Navigator Plug-In Path Disclosure Vulnerability
2002-11-26: Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
2002-09-18: Mozilla Multiple Vulnerabilities
2002-08-28: Netscape/Mozilla IRC Buffer Overflow Vulnerability
2002-08-06: Mozilla FTP View Cross-Site Scripting Vulnerability
2002-07-29: Multiple Browser Vendor Same Origin Policy Design Error Vulnerability
2002-07-24: Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability
2002-06-12: Netscape / Mozilla Malformed Email POP3 Denial Of Service Vulnerability
2002-05-29: Multiple Vendor JavaScript Interpreter Denial Of Service Vulnerability
2002-05-29: Netscape/Mozilla Null Character Cookie Stealing Vulnerability
2002-05-29: Netscape/Mozilla/Galeon Local File Detection Vulnerability
2002-05-29: Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability
2001-12-28: Mozilla Predictable Temporary File Symbolic Link Attack Vulnerability
2001-12-13: Multiple Vendor Image Count Denial of Service Vulnerability
2000-07-25: Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability

Cikan listeyi karsilastiriyorsun.

Open Source / Closed Source
0
Challenger
Burada aslında önemli olan listenin uzunluğundan ziyade açıkların ne kadar sürede ve ne kadar etkili bir şekilde giderildiğidir.
0
conan
Listenin uzunlugu onemli degil yani? Yani bir programin kac tane aciginin oldugu onemli degil nasil olsa kapanir? Bu mu yani yaklasim? Acigin kapanmasi kapanmamasindan cok daha iyidir ama acik olmamasi bence herseyden daha onemli.

Peki benim 20bin kullanicimin her makinasini tek tek nasil yamayacagim acik oldugunu kabullenirsem? Bunlardan bazilari ofise ayda bir kere ugruyorsa ve ne zaman ugradigi belli degilse ne yapacagim? Acik oldugu ve de yama oldugu halde koruyamadigim kullanicimdan iceriye geri zekali virusler girdigi zaman ne yapacagim?

Hadi onu birak sadece emailden ibaret oldugunu sana bir cok kisi ne yapsin? Ogrensin! Microsoft'la yasamayi ogrensin degil mi?

(Bunlari tartistigimiz sirada iki mozilla acigi daha belirlendi 0.9.3 yolda gozukuyor ;)
0
Challenger
Ben listenin uzunluğu önemsiz demedim. Yazılımlarda açık olmaması tabi ki herşeyden önemli. Ancak, çıkan açığın da bir an giderilmesi de çok önemli. Haber' de verdiğim linkteki yazıda da bir açığın ne kadar sürede ne kadar etkili bir şekilde giderildiğinden bahsediliyordu.
Görüş belirtmek için giriş yapın...

İlgili Yazılar

Türkçe Mozilla Eklentileri

anonim

Uzun uğraşlar sonunda Türkçe eklenti sayfası artık herkese açık. eklentiler.mozilla.org.tr

Artık yabancı eklenti derdi bitti. Bu sitede güncel eklentilerin Türkçe sürümlerini bulabilirsiniz. Sitede bulunan tüm eklentiler tamamen Türkçedir.Şu an sitede topla 24 tane eklenti bulunmaktadır.Bu eklentilerin çoğu, mozilla update de ilk 20-30 girmiş eklentiler.Şu an sadece ingilizcede olup başka dilerde olmaya eklentiler bile var.İleriki zamanlarda bu sayı gittikçe artacaktır.Umarım sizlerin de hoşunza gidecektir bu oluşum.Görüşlerinizi bizlerle paylaşırsanız seviniriz.

Firefox’ta da açık çıktı

everestk

6 Ocak 2005 — Açığın, internet dilinde ‘phishing’ olarak bilinen kimlik ve şifre hırsızlığına olanak sağladığı belirtildi. Açık, Firefox kullanıcısı bir siteden bir indirme yaptığı zaman çıkan diyalog kutusunun taklit edilmesine olanak veriyor. Uzmanlar açığın Firefox kullanıcılarını ‘phishing’ hacker’larına karşı korumasız hale getirdiğini belirtiyor.

Mozilla 0.9.9 çıktı

anonim

Yeni sürümde MathML standart olarak eklenmiş durumda. Ayrıca Unix sürümlerinde True Type font ve font anti-aliasing desteği var. Mükemmel bir browser, mail-news reader, HTML editor ve IRC Client'dan oluşan bu paketi hala denemeyen varsa çok şey kaçırıyorlar demektir.
Release notes..
Download..

Mozilla XUL İle Uzaktan Erişilebilen Uygulama Geliştirme

FZ

Mozilla ile uygulama geliştirmeyi zül addetmeyip XUL iyidir güzeldir ama şöyle sağlam bir iki örnek olsa makale tadında diyenler için: Remote Application Development With Mozilla - 1 ve Remote Application Development With Mozilla 2.

Örnek makalelerde uzaktan Mozilla ile erişebileceğiniz bir Mozilla Amazon Browser uygulaması geliştirilmesi adım adım anlatılıyor.

Mozilla Projesinde Radikal Değişim: Phoenix

Maverick

http://www.mozilla.org/roadmap.html ve http://mozillazine.org/talkback.html?article=3042 adreslerinde görülebileceği gibi Mozilla projesi Mail ve Browser bileşenlerini değiştirmek istiyor.

1.4 son klasik sürüm olacak ve stable 1.0.x serisinin yerini alacak. Ayrıca liderlik şekli değişip daha etkili modül sorumluları atanacak. Phoenix'e neler oluyor diyenler bunu beklemiyorladı sanırım ;^) (Tarihin 2 Nisan olduğunu hatırlatayım, bu bir şakaya benzemiyor) Bu haberle hız olarak slashdot'ı da geçmiş olduk bu arada...