Firefox 3 Vulnerability Found

Firefox 3 vs Malware community, Round 1.

http://www.pcworld.com/businesscenter/article/147277/firefox_3_vulnerability_found.html

 

Thank for the link dw426,

From the article:

So far it's the researchers and not the malware community with the info (hopefully).

 

Oh I'm sure it won't take the malware folks too long now that they're aware there's a hole someplace in there

 

I wish we knew more about it. It would be nice to know if NoScript would prevent it.

Your right about the malware writers. They will persist as long as there is money to be made. It also looks like the "researcher" that submitted the vulnerability will get some money for his or her hard work .

This is also why I run my internet facing applications in a sandbox. I don't have to wait for Mozilla or whoever to issue a fix that patches their hole.

 

I guess put FF in a sand box and hope for the best.. it just seem like they could have found this hole during beta testing. i'm sure they will come up with a few reasons to how this did not get checked or addressed before release we all know the game buy now.

 

Eh, at least they probably WILL try to explain it, unlike all the vulnerabilities in Windows XP that SEVEN YEARS later they are still patching holes in monthly....yeah, I did have to take a shot at them, I was in the mood

 

yea i'm waiting to here the reasons.. i kinda blame myself and should have know better never to get the first release.

 

Firefox2 also has this vulnerability. It's just a POC and I'm sure there will be a fix for it soon. Probably before Firefox3 is available via auto update.

 

how you doing innerpeace i sure hope they have a fix soon every time i try to lighten the security i end up having to add more i think i will just put 1 of every security app on this time that way i would be ahead of the game.

 

Hi HyperFlow, You don't need more security apps. Your already ahead of the game by knowing there is a vulnerability. If it was in the wild you would also here about it and could apply the workaround if there was one. Your other security software would probably also protect you. That's what proper layering is about.

I only mentioned a sandbox because to me it's just easier to isolate 'risky' programs than constantly worry about vulnerabilities and keeping all internet related programs updated. Sometimes it's a PITA keeping updated but it's well worth it. With a properly configured sandbox it allows some "wiggle" room while still theoretically being protected.

 

As a good guy, I would never talk about vulnerabilities in softwares or publish them and inform the bad guys this way. It looks almost like helping the bad guys. Just fix it in the next version and in absolute silence.

 

Only one problem with that, the malware guys were very likely pouring over Firefox 3 the moment they got their hands on it, so they probably would have found it anyway.