WARNING: This is a dry, technical diary. No candidate impaled in the writing of this diary./WARNING

Yes, I realize that this board is dedicated to electing Democrats, and that computers and internet browsers have little to do with electing Democrats (unless, of course, you are part of the blogosphere, in which case the browser is THE most effective weapon in your arsenal).

I am writing this diary here not just to inform you of the latest critical bug in a web browser, but also to illustrate the point that there is no SAFE anything in the computer world. Computers, and everything on them, are as "safe" as you make them.

So, please permit me to relay this security announcement regarding a new vulnerability in Mozilla and, by extension, Firefox.

Relaying this info is necessary because I have read quite a few postings here that encourage people to choose one browser over the other because one is "safe" and the other is not.

The completely non-geeky description of this bug is as follows:

THE PROBLEM:
Mozilla has a vulnerability that allows (internet browser) cookies and other files to be stolen from your computer if you visit a malicious site.

COOKIE? WHAT COOKIE?

  • Cookies are small files stored on your computer that allow the browser to more efficiently help you get on a website and conduct whatever business needs to be conducted.
  • A cookie can hold a small amount of information, or it can hold more than a little.
  • If an attacker can steal the cookies for your online bank, they can use the information to conduct nefarious activities on your bank account, without your knowledge.
  • So, yeah, stealing your cookies is not an innocuous breach of security.
  • It is also relevant to point out that, with this vulnerability, an attacker can steal much more than JUST COOKIES from your computer.

WHAT IS IMPACTED:
It is hard to describe this without getting technical, or silly. But Mozilla is the underlying engine that powers browsers like Firefox. A flaw in one of Mozilla's components can be actively exploited to gain access through Firefox (actually, Firefox add-ons) to session cookies and other files stored on your computer.

Firefox itself is NOT the problem. And this flaw can only be exploited in Firefox if you have installed some "add-ons". A partial list of add-ons known to make Firefox vulnerable, in this case, is available here, so if you have any of those, then your Firefox is susceptible to this vulnerability.

PROTECTION:
If you have any of the add-ons listed in that link, your best bet is to enable "NoScript" in Firefox. Alternatively, just disable or tune Firefox's JavaScript support.

This bug has been fixed in Firefox 2.0.12, which will be released soon.

THE GEEKY PART (for those interested):
  • It's possible to steal data from sessionstore.js including cookies
  • Chrome Protocol Directory Traversal issue
  • Firefox chrome: URL Handling Directory Traversal
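
The directory traversal named in the links above belongs to a bug class in which `..` segments, often hidden behind percent-escapes, make a URL resolve to a file outside the directory it is meant to stay in. A defensive containment check for that class, as an added example (not code from this diary or from Mozilla); the package root, the URL layout and the function names are assumptions made for illustration.

```javascript
// Added illustration of a containment check for a chrome:-style URL path.
// PACKAGE_ROOT and the accepted URL layout are hypothetical, not Mozilla's code or fix.
const PACKAGE_ROOT = "/profile/extensions/example-addon/chrome"; // constructed path

// Decode percent-escapes until the string stops changing, so a second
// encoding layer ("%252e") cannot hide a dot from the check below.
function fullyDecode(s, maxRounds = 5) {
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(s);
    } catch (e) {
      return null; // malformed escape sequence: reject
    }
    if (next === s) return s;
    s = next;
  }
  return null; // still changing after maxRounds: reject
}

// Returns the file path inside PACKAGE_ROOT, or null when the request is rejected.
function resolveChromePath(url) {
  const m = /^chrome:\/\/([a-z0-9_-]+)\/(content|skin|locale)\/(.*)$/i.exec(url);
  if (!m) return null;
  const decoded = fullyDecode(m[3]);
  if (decoded === null || decoded.includes("\0")) return null;
  const kept = [];
  // Treat backslashes as separators too, then walk the segments one by one.
  for (const seg of decoded.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (kept.length === 0) return null; // would climb above the package directory
      kept.pop();
    } else {
      kept.push(seg);
    }
  }
  return [PACKAGE_ROOT, m[2].toLowerCase(), ...kept].join("/");
}

// Constructed sample requests: one ordinary, one trying to reach sessionstore.js.
console.log(resolveChromePath("chrome://example/content/overlay.js"));
console.log(resolveChromePath("chrome://example/content/%2e%2e%2f%2e%2e%2fsessionstore.js"));
```

The check decodes before it normalizes; doing those two steps in the other order is what lets an escaped `..` slip through.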

Originally posted to akogun on Wed Jan 30, 2008 at 09:32 AM PST.
