Benjamin Juang (ibneko) wrote,
Benjamin Juang

Tiger. 10.4.

Mmm, I look forward to thee~ = comparison chart.

T-10 days. I haven't been this excited for an OS update for awhile. Then again, this is the first time I'm paying for it (via school's subscription, so it's only slightly less than $30), instead of getting it illegally.

Also, Firefox user? You might be at risk...,289142,sid14_gci1080895,00.html?track=NL-102&ad=511466

Proof-of-concept code targeting security holes in Firefox and the Mozilla Suite have started appearing on public mailing lists. An attacker could exploit the flaws to launch malicious code. But users can protect themselves by updating to Firefox 1.0.3 and Mozilla Suite 1.7.7.


Specifically, the concept code targets:

A glitch where the URL of a Web site "favicons" icon is not verified before being changed through JavaScript. An attacker can exploit this to launch malicious code with escalated privileges using a specially crafted "javascript:" URI. According to, a favicon is a customizable, multi-resolution image included on nearly all professionally developed sites.

An issue in the "_search target" function sites can use to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to open a privileged page [such as about:config] then inject script using a "javascript:" URL. This could be used to install malicious code or steal data without user interaction.</>

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded