"Brown Orifice" Is Only The Beginning
Last week security holes were found in Netscape's Java implementation that
allowed it to act as a web server. Earlier today, a hacker announced that
he had found vulnerabilities in Mozilla M17 that allow it to operate as a
web browser. And that's just the beginning.
Said "3l337h4x0r", the discoverer of the M17 exploit, "This is quite a
hack! By manipulating some internal functions, I was able to use M17 to
actually surf the web. Slashdot and Humorix rendered beautifully."
Mozilla engineers were stunned. "This shouldn't be possible. M17 contains
a newsreader, a mail client, an instant messenger client, and a whole
bunch of XUL acronymn-enriched stuff, but it shouldn't be able to handle
HTTP or HTML. We haven't been planning on adding web-surfing functionality
to Mozilla until M30... maybe M25 at the earliest. I suspect this whole
thing is a hoax."