Security Problems in Mozilla products: Finding 'em, Fixing 'em

Just got an email today from CERT that details (wait while I count 'em, okay?) ... six critical security problems with Mozilla. The Known Vulnerabilities in Mozilla Products page contains more.

The problems are far-reaching, from buffer overflows with VCards, buffer overflows with BMPs (yes, more problems with pictures), heap overflows with URLs (unbelievable), and buffer overflows with the POP3 handler (ugh). I reckon that if we had a 'super-critical' category, these should go into them. However, I have to admit that exploits for these haven't been seen in the wild yet.

Never mind, install the latest version of mozilla, and carry on with life. What is interesting reading are the notes that come with the bug reports. You can see how the bugs were presented and addressed. Note that a handful of programmers each time solved the problem. You don't need huge armies of coders, just a few dedicated ones.

I guess it's true: Never doubt that a small group of thoughtful and committed citizens can change the world.