Happy 10th birthday Mozilla - there's a bug in your cake

Â…watch out for the chrome

By Tom Espiner, 25 January 2008 08:45

NEWS

The Mozilla Foundation is celebrating what it regards as its 10th anniversary this week.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

On 22 January, 1998, Netscape Communications Corporation announced its plans to make the source code for the Netscape Communicator client software available with free licensing on the internet. The Communicator 5 source code was made available on 31 March, 1998. The code became the basis of the Mozilla Suite, which comprises the Firefox web browser and the Thunderbird email application.

Mozilla, originally the codename for the Netscape Navigator browser code, became the name of both Mozilla's red lizard mascot and the open-source community that was created to develop the open-source Netscape suite.

The outgoing chief executive officer of Mozilla, Mitchell Baker, has asked the Mozilla community for ideas on how to celebrate Mozilla's 10th year.

Meanwhile, Mozilla's head of security, Window Snyder, has warned of a flaw in Firefox's user interface, called "chrome". Following the notification of the flaw by vulnerability researcher Gerry Eisenhaur, Snyder confirmed the flaw would affect users who had installed "flat" Firefox extensions - add-ons, such as Download Statusbar and Greasemonkey - that do not store files in a Java archive.

Insufficient security validation of input file names in the Firefox header lets an attacker order the browser to access files it is not supposed to be able to access.

Mozilla has assigned a "low" severity rating to the flaw, and the vulnerability is being investigated by Firefox developers.

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ