Rational Action

Just letting everyone know: the new browser prototype issued by “Netscape”, which is based on Firefox 0.9.3, does not include any security updates created since that release. Don’t install it on friends’ computers and don’t use it on untrusted sites.

Even worse, users are reporting that it embeds IE via a plugin accessible to any website. That makes it vulnerable to both 0.9.3 and IE security holes.

You can verify yourself by checking the Mozilla Known Vulnerabilities page with the “Netscape Browser”. Click on a recent bug number and run its testcase. (For example, the Javascript clipboard access testcase worked, and the extremely wide BMP crashed the browser) You can also watch a random website embed IE by visiting this example. Users of the latest Firefox release may click all of these links in confidence.

This entry was posted on Wednesday, December 1st, 2004 at 6:01 pm and is filed under Mozilla. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.