News: 0000833625

ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

[$] Fixing our broken internet

([Front] Oct 7, 2020 22:30 UTC (Wed) (jake))

Reference: 0000833625
News link: https://lwn.net/Articles/833625
Source link:

[$] Sorry, this article is currently available to LWN suscribers only [https://lwn.net/subscribe/].

"Brown Orifice" Is Only The Beginning

Last week security holes were found in Netscape's Java implementation that
allowed it to act as a web server. Earlier today, a hacker announced that
he had found vulnerabilities in Mozilla M17 that allow it to operate as a
web browser. And that's just the beginning.

Said "3l337h4x0r", the discoverer of the M17 exploit, "This is quite a
hack! By manipulating some internal functions, I was able to use M17 to
actually surf the web. Slashdot and Humorix rendered beautifully."

Mozilla engineers were stunned. "This shouldn't be possible. M17 contains
a newsreader, a mail client, an instant messenger client, and a whole
bunch of XUL acronymn-enriched stuff, but it shouldn't be able to handle
HTTP or HTML. We haven't been planning on adding web-surfing functionality
to Mozilla until M30... maybe M25 at the earliest. I suspect this whole
thing is a hoax."