The bugs Michal Zalewski posted to full-disclosure yesterday are getting some attention in the press. The information below is intended to provide some clarity on the severity of these issues and how they impact users.
Bug 376473 requires an additional vulnerability in a content handler in order to compromise a user. On its own, it cannot be used to execute, or even place, code on the user's machine. This bug is also rated with a severity of Low. To protect users from potential vulnerabilities in content handlers, we are considering ways to improve the management of content handlers.
Mozilla prioritizes bugs based on severity to help us figure out which bugs to fix first. Just because a bug has a lower severity rating does not mean we dismiss it. We fix all bugs with any security risk as part of our commitment to security.
UPDATE 06/05/2007 2:27 PDT: These two bugs may be used together to allow an attacker to access any file the user has access to on the system. If this is the case, that may change the severity rating to Medium.