Mozilla marks 10th birthday, warns of Firefox bug

Mozilla marks 10th birthday, warns of Firefox bug

Summary: On Tuesday Mozilla celebrated its 10th birthday, as its security chief warned of a design flaw in Firefox

SHARE:
TOPICS: Security
0

The Mozilla Foundation is celebrating what it regards as its 10th anniversary this week.

On 22 January, 1998, Netscape Communications Corporation announced its plans to make the source code for the Netscape Communicator client software available with free licensing on the internet. The Communicator 5 source code was made available on 31 March, 1998. The code became the basis of the Mozilla Suite, which comprises the Firefox web browser and the Thunderbird email application.

Mozilla, originally the codename for the Netscape Navigator browser code, became the name of both Mozilla's red lizard mascot and the open-source community that was created to develop the open-source Netscape suite.

The outgoing chief executive officer of Mozilla, Mitchell Baker, has asked the Mozilla community for ideas on how to celebrate Mozilla's 10th year. Mozilla.org, the organisation launched to co-ordinate Mozilla developers' efforts, will celebrate the event on 23 February.

Meanwhile, Mozilla's head of security, Window Snyder, warned on Tuesday of a flaw in Firefox's user interface, which is called "chrome". Following the notification of the flaw by vulnerability researcher Gerry Eisenhaur, Snyder confirmed on Tuesday that the flaw would affect users who had installed "flat" Firefox extensions — add-ons, such as Download Statusbar and Greasemonkey, that do not store files in a Java archive .

Insufficient security validation of input file names in the Firefox header lets an attacker order the browser to access files it is not supposed to be able to access, a technique known as directory traversal.

Mozilla has assigned a "low" severity rating to the flaw, and the vulnerability is being investigated by Firefox developers.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion