Subscribe to magazine

Macworld Forums: Firefox update helps prevent Web site spoofing - Macworld Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Firefox update helps prevent Web site spoofing

#1 User is offline   MW Forums Icon

  • Power User
  • PipPipPipPip
  • Group: Members
  • Posts: 12,220
  • Joined: 02-August 04

Posted 25 February 2005 - 06:40 AM

The Mozilla Foundation has released Firefox 1.0.1, an update to their popular Web browser for multiple platforms including Mac OS X. The new release is available for download from the Mozilla Web site. The updated release has improved stability and "several fixes to guard against spoofing and arbitrary code execution," according to the developers. more
0

#2 User is offline   chewygoat Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 218
  • Joined: 02-September 04

Posted 25 February 2005 - 06:52 AM

The IDN fix is very welcome and in itself timely, but in general the Mac version of Firefox has been left behind when it comes to security updates. Whatever benefit there is to open source source software from a security standpoint has been lost on the Mac version. This update addresses the IDN flaw and some unspecified other flaws, but there have been known flaws with Firefox 1.0 for a long time that were addressed in Linux in short time, but not at all on the Mac, until today, finally. I'm not sure about the security flaw response time with the Windows version, but for the Mac it has been very poor indeed and I don't recommend Firefox to Mac users as a result. It may be great on other platforms, but Mac Firefox users have been treated as second class citizens by the developers.
0

#3 User is online   Hawaiian717 Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 57
  • Joined: 29-September 01

Posted 25 February 2005 - 09:25 AM

I'm not sure what you mean by security fixes being made for the Linux version of Firefox but not for Mac. If you mean by nightly builds, maybe, I don't follow those.
But all three platforms were updated yesterday to 1.0.1, none have had an update to the release version of Firefox since 1.0 came out until yesterday.
0

#4 User is offline   DPG4450Guy Icon

  • Veteran
  • PipPipPip
  • Group: Members
  • Posts: 2,137
  • Joined: 14-September 03

Posted 25 February 2005 - 09:37 AM

Peter, can you follow up to see if these same fixes will be put on "official" releases of Mozilla and Camino shortly? Thanks.
0

#5 User is offline   d00d Icon

  • Advanced Member
  • Icon
  • Group: Mac User
  • Posts: 12,149
  • Joined: 24-April 01

Posted 25 February 2005 - 10:25 AM

A Mozilla update is coming soon.

#6 User is offline   Londoner Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 46
  • Joined: 25-February 05

Posted 25 February 2005 - 03:06 PM

It's not only Explorer and Firefox that can handle these kind of spoofs. I just ran the Secunia spoofing test (http://secunia.com/multiplebrowsersidnspoofingtest/) using the nice little Japanese Safari variant Shiira, and it spotted the spoof the same way as Firefox, i.e. instead of displaying "http://www.paypal.com/" in the address bar, it shows "http://www.xn--paypl-7ve.com/". And this version of Shiira (0.9.3) has been around since early December! I think we'll see a Safari fix shortly, as this must be a very simple thing to fix. In the meantime I urge people to try Shiira (http://hmdt-web.net/shiira/index-e.htm), which is a much nicer alternative to Safari than Firefox - and uses Safari's bookmarks!
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

3 User(s) are reading this topic
0 members, 3 guests, 0 anonymous users