Firefox 3 Vulnerability Found

Discussion in 'other security issues & news' started by dw426, Jun 18, 2008.

Thread Status:
Not open for further replies.
  1. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thank for the link dw426,

    From the article:
    So far it's the researchers and not the malware community with the info (hopefully).
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Oh I'm sure it won't take the malware folks too long now that they're aware there's a hole someplace in there ;)
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I wish we knew more about it. It would be nice to know if NoScript would prevent it.

    Your right about the malware writers. They will persist as long as there is money to be made. It also looks like the "researcher" that submitted the vulnerability will get some money for his or her hard work :thumb:.

    This is also why I run my internet facing applications in a sandbox. I don't have to wait for Mozilla or whoever to issue a fix that patches their hole.
     
  5. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    I guess put FF in a sand box and hope for the best.. it just seem like they could have found this hole during beta testing. i'm sure they will come up with a few reasons to how this did not get checked or addressed before release we all know the game buy now. ;)
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Eh, at least they probably WILL try to explain it, unlike all the vulnerabilities in Windows XP that SEVEN YEARS later they are still patching holes in monthly....yeah, I did have to take a shot at them, I was in the mood :)
     
  7. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    yea i'm waiting to here the reasons.. i kinda blame myself and should have know better never to get the first release.
     
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Firefox2 also has this vulnerability. It's just a POC and I'm sure there will be a fix for it soon. Probably before Firefox3 is available via auto update.
     
  9. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    how you doing innerpeace i sure hope they have a fix soon every time i try to lighten the security i end up having to add more i think i will just put 1 of every security app on this time that way i would be ahead of the game. :D
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi HyperFlow, You don't need more security apps. Your already ahead of the game by knowing there is a vulnerability. If it was in the wild you would also here about it and could apply the workaround if there was one. Your other security software would probably also protect you. That's what proper layering is about.

    I only mentioned a sandbox because to me it's just easier to isolate 'risky' programs than constantly worry about vulnerabilities and keeping all internet related programs updated. Sometimes it's a PITA keeping updated but it's well worth it. With a properly configured sandbox it allows some "wiggle" room while still theoretically being protected.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    As a good guy, I would never talk about vulnerabilities in softwares or publish them and inform the bad guys this way. It looks almost like helping the bad guys. Just fix it in the next version and in absolute silence.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    Only one problem with that, the malware guys were very likely pouring over Firefox 3 the moment they got their hands on it, so they probably would have found it anyway.
     
Loading...
Thread Status:
Not open for further replies.