Mozilla celebrates 10th birthday with a security flaw

The Mozilla Foundation is celebrating what it regards as its 10th anniversary this week.

On 22 January 1998, Netscape Communications Corporation announced its plans to make the source code for the Netscape Communicator client software available with free licensing on the Internet. The Communicator 5 source code was made available on 31 March 1998 and became the basis of the Mozilla Suite, comprising the Firefox Web browser and the Thunderbird e-mail application.

Mozilla, originally the codename for the Netscape Navigator browser code, became the name of both Mozilla's red lizard mascot and the open source community that was created to develop the open source Netscape suite.

The outgoing chief executive officer of Mozilla, Mitchell Baker, has asked the Mozilla community for ideas on how to celebrate Mozilla's 10th year. Mozilla.org, the organisation launched to coordinate Mozilla developers' efforts, will celebrate the event on 23 February.

Meanwhile, Mozilla's head of security, Window Snyder, warned on Tuesday of a flaw in Firefox's user interface, which is called "chrome". Following the notification of the flaw by vulnerability researcher Gerry Eisenhaur, Snyder confirmed on Tuesday that the flaw will affect users who had installed "flat" Firefox extensions -- add-ons, such as Download Statusbar and Greasemonkey, that do not store files in a Java archive.

Insufficient security validation of input file names in the Firefox header lets an attacker order the browser to access files it is not supposed to be able to access, a technique known as directory traversal.

Mozilla has assigned a "low" severity rating to the flaw, and the vulnerability is being investigated by Firefox developers.