Mozilla have a list of known vulnerabilities on their site,
of the 65 known errors.
as the known workaround.
of the 56 remaining.
as the known workaround
of the 27 remaining.
as the known workaround. (It seems applets have the ability to invoke Java applications.)
of the remaining 24.
Disable Password Manager
Do not store passwords
Don't open *.hta or application/hta files
Another classic workaround for problems caused when browsing the internet:
Instead of fixing problems when downloading POP3 messages, they suggest
Do not use POP mail
- helpful, eh?
If you're having buffer overflow problems when using Mozilla software and email, why bother fixing it when you can tell your users:
Do not attach files of unknown content to mail/news messages
More mail goodness!
Trouble with exploits when connecting to POP servers...
Do not connect to untrusted POP3 mail servers
(this one comes with my own personal rant)
In order to prevent the spread of viruses throughout the internet, Microsoft have restricted the attachments that can be sent through Exchange servers, and restricted the types that can be opened from within...
Do not open attachments from untrusted sources
When Microsoft said this they were shrugging off their corporate responsibility!
(with another rant)
When people found a way to spoof the address displayed in the address bar, so that it displays one name whilst actually directing you to another, insecure site where you may be asked to enter sensitive information, Microsoft fixed the problem with their browser...
Check the Page Info dialog and lock icon before entering sensitive data on a web page
(this appears twice)
Having cross-linking trouble? Here's a GEM from the Mozilla workarounds...
an error, which the description describes as...
Some non-tier1 platforms (BeOS) do not truncate cache files properly which could result in a page that is a mix of old and new, which could result in unwanted purchases
Clear cache before going to a page you have visited before
Now don't get me wrong, everyone should be careful when purchasing online, but for a problem as simple as there being cached pages in what should be a secure area, the browser should force-refresh these pages by itself, not rely on the user to delete files before they start browsing.
Now it seems that this problem is caused by the service providers, but I've not heard of this error on IE before.
This one is a classic: say you want to add a security policy to your browser. Well, it might not actually work!
Do not add or change configurable security policies; the defaults are safe
No, the defaults are not good enough; that's why the user wants to add their own. There is obviously something lacking in the defaults. Don't try to fob me off telling me something like that.
Hackers may be able to spoof pages when you browse through a proxy...
Mozilla don't fix this problem; they say
Do not use proxy, or Check the Page Info dialog and lock icon before entering sensitive data on a web page
So how exactly do I win? I can't apply a security policy on the actual browser software, because it doesn't work (see above), and I can't apply a security policy through the use of a proxy server because it opens up a security vulnerability!
It seems there are authentication troubles concerning mail servers and HTTP authentication. Mozilla says
Memorize the real mail server password prompt and do not enter your password if the dialog is not exactly the same
And finally, .hta files are executable. When Microsoft were faced with this problem, a security patch was released that fixed the vulnerability...
Don't open *.hta or application/hta files
Most exploits run without the user's knowledge, and they try really hard to hide themselves. They don't generally come with links that say...
Click here, it's going to run a really bad thing that will break your computer. There is a strong possibility that your browser will be open to this form of attack, and funnily enough this is exactly what I wanted. Now click here, everybody knows that fixing your computer is fun, everyone loves to have to spend time running virus scanners and spyware detectors... Just click, it'll be fun. I promise.
Took me a long time to compile that!
You can find the list in its original format here.