« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today
XML

Blog::Navigation


blogs.sun.com
Weblog
Login

Other sites

My homepage

Get Firefox

Get Firefox!.

Site notes

This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.

Powered by Roller Weblogger.
All | General | Mozilla | Technical
20050519 Thursday May 19, 2005
Built Firefox 1.0.4 with gcc-4.0.0 on MacOS X 10.4.0 Last week I built Firefox 1.0.4 with gcc-4.0.0 on MacOS X 10.4.0. It's really not smooth. Actually I have to build a final version of gcc-4.0.0 before building Firefox. Anyway, it works finally. Cheers. about:buildconfig Build platform target powerpc-apple-darwin8.0.0 Build tools Compiler Version Compiler flags gcc gcc version 4.0.0 (Apple Computer, Inc. build 5018) -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Wno-long-long -fpascal-strings -no-cpp-precomp -fno-common -I/Developer/Headers/FlatCarbon -pipe c++ gcc version 4.0.0 (Apple Computer, Inc. build 5018) -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-long-long -fpascal-strings -no-cpp-precomp -fno-common -fshort-wchar -I/Developer/Headers/FlatCarbon -pipe -I/usr/X11R6/include Configure arguments --disable-ldap --disable-mailnews --enable-extensions=cookie,xml-rpc,xmlextras,pref,transformiix,universalchardet,webservices,inspector,gnomevfs,negotiateauth --enable-crypto --disable-composer --enable-single-profile --disable-profilesharing --enable-application=browser --enable-strip --enable-static --enable-pthreads --enable-prebinding '--enable-optimize=-O2 -faltivec -mcpu=7450 -mtune=7450 -mpowerpc -mpowerpc-gfxopt -fpermissive' --disable-debug --disable-tests --disable-shared --without-system-png --without-system-mng --without-system-nspr --without-system-zlib --without-system-jpeg
Permalink Comments [1] (2005-05-19 01:00:06.0/2005-05-19 00:57:05.0)
Trackback: http://blogs.sun.com/ginn/entry/built_firefox_1_0_4
20040704 Sunday July 04, 2004
Multiple Browsers Frame Injection Vulnerability

A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

The vulnerability has been confirmed in the following browsers:
* Opera 7.51 for Windows
* Opera 7.50 for Linux
* Mozilla 1.6 for Windows
* Mozilla 1.6 for Linux
* Mozilla Firebird 0.7 for Linux
* Mozilla Firefox 0.8 for Windows
* Netscape 7.1 for Windows
* Internet Explorer for Mac 5.2.3
* Safari 1.2.2
* Konqueror 3.1-15redhat

Other versions may also be affected.

Solution:
Do not browse untrusted sites while browsing trusted sites.

The following browsers are not affected:
* Mozilla Firefox 0.9 and later
* Mozilla 1.7

You can find a testcase in secunia.com.

Mozilla comes safer than IE now.

Permalink Comments [2] (2004-07-04 19:49:27.0/2004-07-04 12:53:23.0)
Trackback: http://blogs.sun.com/ginn/entry/multiple_browsers_frame_injection_vulnerability
Copyright (C) 2004-2005, Blog of Ginn Chen (陈琦/Chen Qi)