Topic: FireFox Security Flaw

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned....

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system....

Goes to show you that it's not just IE that has problems :P

2 (edited by skoval 2005-05-09 20:11)

Re: FireFox Security Flaw

http://www.frsirt.com/exploits/20050507.firefox0day.php
Bug 293302 - Firefox 1.0.3 Critical Vulnerability
http://it.slashdot.org/article.pl?sid=0 ? p;from=rss

To protect yourself against all of these holes, disable JavaScript. (Some people have suggested only disabling software installation. If you only disable software installation, you will still be vulnerable to the XSS hole used in the exploit. XSS is sufficient for stealing cookies, saved passwords, intranet web pages, etc.)

Re: FireFox Security Flaw

Another great patch is not being an idiot and allowing sites to install stuff when you don't know what it is.

Re: FireFox Security Flaw

but Microsoft doesn't update IE :P

Re: FireFox Security Flaw

At least users know there is a problem. Microsoft has this habit of keeping everything hush hush.

Then the patches they release do not fix the problem, they just change the way the program works to account for the security risk. Hence the word patch.

Do, or do not.

Re: FireFox Security Flaw

Doesn't seem to affect MacOS :)

Every Day Above Ground Is A Good One!!

Re: FireFox Security Flaw

Nevethir wrote:

but Microsoft doesn't update IE :P

True....but a lot of people seemed to have thought FF was invincible or something...like it was not vulnerable to any exploits. I think the main reason Windows and IE get hit so hard is simply because that's what the highest percentage of machines are running.  Why go after OS Z running browser Y when only .00000003% of users have that set-up.....Target Windows users running IE and reach 90%+ of the machines connected to the internet...

Re: FireFox Security Flaw

The biggest mistake anyone can make is that their system is secure. The only way your system is safe is when it's unplugged, and put into a fire-proof safe.

As long as you are connected to the internet, people can get access. You can have all the firewalls in the world, all the anti-viruses in the world, but you cannot stop a determined malicious intended person.

Do, or do not.

Re: FireFox Security Flaw

almost_there wrote:
Nevethir wrote:

but Microsoft doesn't update IE :P

True....but a lot of people seemed to have thought FF was invincible or something...

The same thing happened with OSX. Well, that is until Apple started releasing security updates just as frequently as Microsoft.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: FireFox Security Flaw

zc923 wrote:

The biggest mistake anyone can make is that their system is secure. The only way your system is safe is when it's unplugged, and put into a fire-proof safe.

As long as you are connected to the internet, people can get access. You can have all the firewalls in the world, all the anti-viruses in the world, but you cannot stop a determined malicious intended person.

In addition to this reply: I read in the February 2005 issue of PC World magazine it only takes less than 4 minutes for a computer to be scanned and/or attacked once they are connected to the internet.

~James
FluxBB - Less is more

Re: FireFox Security Flaw

Rickard wrote:

The same thing happened with OSX. Well, that is until Apple started releasing security updates just as frequently as Microsoft.

They are releasing them, but not quite as fast as M$, but do have (5) so far this year (most averaging 5-10 mb):

2005-01-29 15:41:37 -0500: Installed "Security Update 2005-001" (1.0)
2005-02-23 21:33:56 -0500: Installed "Security Update 2005-002" (2.0.0)
2005-04-08 22:01:25 -0400: Installed "Security Update 2005-003" (1.0)
2005-04-21 08:36:08 -0400: Installed "Security Update 2005-004" (1.0)
2005-05-08 01:04:09 -0400: Installed "Security Update 2005-005" (1.0)

Wasn't trying to start the OS War again, was only noting that a lot of times it is a combination of apps and OS, not just apps. If the OS underneath is flawed, any app sitting on top of it is as well (sim to the PHP flaws a while back).

I've commented before, I believe the reason most "hackers" do not go after other non-Win boxes is because they are for the most part script kiddies who download their goodies and see what damage they can do. Anyone truly skilled enough to break into a *nix box is not going to waste their time on the iBook (through both the router and software firewalls).

Every Day Above Ground Is A Good One!!

Re: FireFox Security Flaw

middleground: Yes, but each of those updates closed up numerous holes. The last one, 2005-005, fixed no less than 20 vulnerabilities. Microsoft usually (but not always) releases one update per vulnerability.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: FireFox Security Flaw

But it seems there are some real diehard anti-microsoft people that think IE is the only browser vulnerable. I remember a post in a forum on another site where a poster asked what they could do to protect themselves 100% against these attacks when online and several people were jumping in saying to get rid of IE and get a "Real" browser like FF. Some people are/were under the impression that FF was invincible to attacks and seemed to have a false sense of security just because they stopped using the evil IE. My answer was similar to what zc923 said in this thread---Unplug your machine and don't connect to the internet anymore.

Also, I think there will be more of these vulnerabilities discovered in FF as it gains in popularity.

Re: FireFox Security Flaw

almost_there wrote:

Also, I think there will be more of these vulnerabilities discovered in FF as it gains in popularity.

and more scripted JUST for FF also.

~James
FluxBB - Less is more