Hackers claim zero-day flaw in Firefox

Discussion in 'other security issues & news' started by ronjor, Oct 1, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
    Story
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Be careful with the link Ronjor gave, you are only a few clicks away from malicious sites.

    Gerard
     

    Attached Files:

  3. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    What about the NoScript extension? Does it help to prevent javascript-based security exploits?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Sure it does.
    Mrk
     
  5. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Oh yeah of course that's really good for the internet and it's users. Well worth destabilising my system, draining my bandwidth, and compromising my privacy and security. Scum! Although they have done this the wrong way at least it raises the heat a little on Firefox. I think they need to focus on clearing the backlog of known vulnerabilities before pushing any further forward. Firefox is only magic while it remains a safer option than IE. If Mozilla aren't careful people will be just as nervous about FF as I am about IE.


    http://www.theinquirer.net/default.aspx?article=34789... for another version of this tale. Noscript rocks and should be a standard browser feature even if disabled by default. Still if the JS implementation has that many exploits they need to get to work on fixing it!
     
    Last edited: Oct 2, 2006
  6. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Hackers detail Firefox flaw, calling the browser a "complete mess"

    Hacker conferences are so much fun. Case in point: San Diego's ToorCon conference on Saturday, when engineers Mischa Spiegelmock and Andrew Wbeelsoi (what names!) took the stage and called the increasingly popular Firefox Web browser a "complete mess." The duo detailed to the world a security flaw in Firefox, which afflicts the browser's handling of Javascript. As if that weren't painful enough, Spiegelmock and Wbeelsoi also said the glitch was probably "impossible to patch."

    "Internet Explorer, everybody knows, is not very secure," said Spiegelmock. "But Firefox is also fairly insecure."

    Naturally, Firefox officials were none too happy, reports CNET. The hard-working people from the Mozilla Foundation, which manages Firefox, had hoped for a bit more discretion. Publicizing a Firefox insecurity hurts the browser's image as the safe, spam-free alternative to Microsoft's Internet Explorer. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," groused Window Snyder, head of security for Mozilla.

    Digg readers are having none of the Firefox bashing. When one posted: "It makes you wonder why people always say FF is the best browser," one reader was quick to fire back: "Maybe because each Firefox flaw is worthy of a news post, while Internet Explorer has so many that no one bothers to write about them anymore."

    http://money.cnn.com/blogs/browser/index.html#115979456257268446
     
  7. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Exploiting Javascript is done for over 8 years now.

    So little news here.
    Example:
    http://sunbeltblog.blogspot.com/2005/11/javascript-exploit-now-in-wild.html

    Only the impact will be different, since Firefox on Linux runs under
    the user's permissions, little impact can be expected on the OS.

    For the Windows OS,having the browsers run with the permissions to change to OS this is is of course more dangerous.

    The same thing with Active X and Java.

    I think it is unbelievable, That Windows still allows websites
    to install malware in it's OS via Internet Explorer.

    And the sad thing is that an AV as Mcafee doesn't work
    if Active x and javascript are disabled !

    When we sent an example to MS, on how malware was installed via a URL
    the respons was that MS advised customers NOT to click on dangerous links

    :>)
    -
     
    Last edited: Oct 2, 2006
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  9. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Re: Mozilla Investigates New Firefox Flaw

    hehehe opera cough cough cough :D

    But being sensible, these are all javascript exploits, which can be easily disabled with noscript, or the mighty Proxomitron! All I hope is that Mozilla improves the way they handle javascript, in a way that it can't be exploited as easily

    Alphalutra1
     
  10. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Firefox ROCKS!!! :D
     
  11. dog

    dog Guest

    Complete Story - The Register
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  13. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    So, "alles in ordnung...", no more nervous switching between FF and Opera... :)

    Regards, C.
     
  14. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I wonder who will want to hire those two after a stunt like this?
    Even Microsoft won't hire them as it would then give the impression that Microsoft is backing a smear campaign.
     
Loading...
Thread Status:
Not open for further replies.