-{ Quote: "By Robert McMillan

March 26, 2009 (IDG News Service) Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.

The attack code, written by security researcher Guido Landi, was published on several security sites Wednesday, sending Firefox developers scrambling to patch the flaw. Until it is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user's machine." }-Story (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130559)

Poor, poor Firefox... :ouch:

This is part of the reason that I run my internet facing applications with Sandboxie.

Thanks ronjor!

New version of Firefox already out with the exploit patched up. I dont know about you but I am almost thinking that they are faster than Microsoft at fixing their stuff. ;D

-{ Quote: "New version of Firefox already out with the exploit patched up. I dont know about you but I am almost thinking that they are faster than Microsoft at fixing their stuff. ;D" }-

I already installed latest version.
That seems to be pretty quick.

-{ Quote: "This is part of the reason that I run my internet facing applications with Sandboxie.

Thanks ronjor!" }-
Hi, Just a side note. Do you think Geswall would be equally qualified to stop the mentioned attack as well as Sandboxie? I realize Geswall isn't a sandbox but they claim to be capable to stop everything your AV etc. misses. I have been checking Geswall out and am contemplating giving it a try. Thanks :)

-{ Quote: "Hi, Just a side note. Do you think Geswall would be equally qualified to stop the mentioned attack as well as Sandboxie? I realize Geswall isn't a sandbox but they claim to be capable to stop everything your AV etc. misses. I have been checking Geswall out and am contemplating giving it a try. Thanks :)" }-
I would guess that any of the sandbox programs would work. If you still using OA or another HIPS, it should also alert to something trying to run.

From the article:
-{ Quote: "By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim's system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years." }-

Also, if you look at the comments in ronjor's link, one of them states that NoScript should protect you. I have no idea if the default settings protect.

-{ Quote: "I would guess that any of the sandbox programs would work. If you still using OA or another HIPS, it should also alert to something trying to run.

From the article:


Also, if you look at the comments in ronjor's link, one of them states that NoScript should protect you. I have no idea if the default settings protect." }-
OK thanks for the info. I guess I'm covered. :)

Please forgive a possibly stupid question, but is the 3.1B3 also patched? I haven't noticed any update since I installed it.
TIA

According to this thread, you can download a nightly build that covers the flaw. >> http://forums.mozillazine.org/viewtopic.php?f=23&t=1165955

Thanks, ronjor. :thumb:

-{ Quote: "Poor, poor Firefox... :ouch:" }-
why? what do you use? internet explorer?? :)) pitty