Firefox Security problem (FIX RELEASED) - Kawasaki ZX-10R.net
 
post #1 of 6 Old 05-11-2005, 11:10 PM Thread Starter
GP Star
 
Louks03
 
Join Date: May 2004
Location: Altus AFB, OK
Posts: 2,620
Firefox Security problem (FIX RELEASED)

Major security flaws found in Mozilla Firefox browser
From Wikinews beta, the free news source that you can write!
May 10, 2005

Two serious security flaws have been found in the Mozilla Firefox browser, both rated by security analysts as being 'extremely critical'.

An attack using a combination of the two flaws has already been posted on the Internet, which can allow an attacker to run code on a victim's computer and take control of it.

One allows for an invisible website 'frame' to navigate back to a URL in the History that contains Javascript. This allows an attacker to extract sensitive information, such as passwords from that site, using the Javascript code.

The second allows attackers to put Javascript into the URL for the icon for downloading programs in the install confirmation dialogue box. This Javascript code can then execute with enhanced privileges.

The flaws have been confirmed in the latest version of the browser, 1.0.3, and may well be present in older versions too.

The Mozilla Foundation has published a series of steps users can take to limit their vulnerability, but which also limit browser functionality:

Select the "Options" dialog from the "Tools" menu
Select the "Web Features" icon
Click the "Allowed Sites" button on the same line as the "Allow web sites to install software" checkbox
Click the "Remove All Sites" button
Click "OK"

Select the "Options" dialog from the "Tools" menu
Select the "Web Features" icon
Uncheck the "Enable Javascript" checkbox
Click "OK"


The Foundation has made no comment as to when these exploits might be fixed in the software.

The most popular browser on the web is Microsoft's Internet Explorer. It also suffers from several security exploits, the most severe of which is rated 'Highly Critical', one below 'Extremely Critical'.

==========================================================

Here's the FIX

May 12, 2005

The Mozilla Foundation have released version 1.0.4 (http://www.mozilla.org/products/firefox/all) of their popular Firefox browser, which fixes the two major problems discovered earlier this week.

The new version fixes no less than six security flaws, including the two 'extremely critical' flaws. Other fixes include one which prevents another method of running code without permission on a user's computer.

There are also five other general bug fixes.

www.doodie.com

Last edited by Louks03; 05-12-2005 at 04:35 AM.
post #2 of 6 Old 05-11-2005, 11:20 PM
Track Day Rider
 
superbiker
 
Join Date: May 2005
Location: Arizona
Posts: 212
I knew it was a matter of time due to the sudden popularity of it. It used to be a well kept secret. The run is over. Thanks for the info

post #3 of 6 Old 05-11-2005, 11:21 PM
GP Star
 
jrsjkd
 
Join Date: Apr 2005
Location: Seattle, WA
Posts: 2,173

There is no spoon...
post #4 of 6 Old 05-11-2005, 11:47 PM Thread Starter
GP Star
 
Louks03
 
Join Date: May 2004
Location: Altus AFB, OK
Posts: 2,620
I'm sure they are working on a fix as we speak but as you said, now that it's popular, losers are going to be hitting it hard to find holes. The internet is NOT a friendly place anymore. That's why when you find a nice site like this one you pray it doesn't get invaded and ruined.

www.doodie.com
post #5 of 6 Old 05-12-2005, 10:25 AM
Track Day Rider
 
Join Date: May 2005
Location: teh Debug Window
Posts: 168
Quote:
Originally Posted by superbiker
I knew it was a matter of time due to the sudden popularity of it. It used to be a well kept secret. The run is over. Thanks for the info
Yup, old news. Except that the vulnerabilities in Firefox are the kind that crash the browser or look at your cache.

The vulnerabilities in IE are the kind that, according to the Windows Update, "allow an attacker to take control over your computer". I'd rather a crashed browser than a back orifice job any day.

Dare to compare security: IE vs Firefox (the "criticality" section is the IE-killer)

PS: Open-source appears to result in faster turn-around in bug fixes and security patches, at least in the browser world so far. The above JS flaw was fixed within a week of its discovery by developers around the world doing it for the desire to make a good browser and not to meet a quarterly profit goal for investors and shareholders.

FukNRekd is offline  
post #6 of 6 Old 05-12-2005, 01:08 PM
GP Star
 
jrsjkd
 
Join Date: Apr 2005
Location: Seattle, WA
Posts: 2,173
Every vulnerability I've seen for FF, and today is another example, has been patched within a ~week. These guys are great!!!

There is no spoon...