You are not logged in. Please login or register.
PunBB Forums → General discussion → FireFox Security Flaw
Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned....
The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system....
Goes to show you that it's not just IE that has problems 
http://www.frsirt.com/exploits/20050507.firefox0day.php
Bug 293302 - Firefox 1.0.3 Critical Vulnerability
http://it.slashdot.org/article.pl?sid=0 ? p;from=rss
To protect yourself against all of these holes, disable JavaScript. (Some people have suggested only disabling software installation. If you only disable software installation, you will still be vulnerable to the XSS hole used in the exploit. XSS is sufficient for stealing cookies, saved passwords, intranet web pages, etc.)
Another great patch is not being an idiot and allowing sites to install stuff when you don't know what it is.
Atleast users know there is a problem. Microsft has this habit of keeping everything hush hush.
Then the patches they release do not fix the problem, they just change the way the program works to account for the security risk. Hence the word patch.
Doesn't seem to effect MacOS 
but Microsoft doesn't update IE
True....but alot of people seemed to have thought FF was invincible or something...like it was not vulnerable to any exploits. I think the main reason Windows and IE get hit so hard is simply because that's what the highest percentage of machines are running. Why go after OS Z running browser Y when only .00000003% of users have that set-up.....Target windows users running IE and reach 90%+ of the machines connected to the internet...
The biggest mistake anyone can make is that their system is secure. The only way your system is safe is when its unplugged, and put into a fire-proof safe.
As long as you are connected to the internet, people can get access. You can have all the firewalls in the world, all the anti-viruses in the world, but you cannot stop a determined malicous intended person.
Nevethir wrote:but Microsoft doesn't update IE
True....but alot of people seemed to have thought FF was invincible or something...
The same thing happened with OSX. Well, that is until Apple started releasing security updates just as frequently as Microsoft.
The biggest mistake anyone can make is that their system is secure. The only way your system is safe is when its unplugged, and put into a fire-proof safe.
As long as you are connected to the internet, people can get access. You can have all the firewalls in the world, all the anti-viruses in the world, but you cannot stop a determined malicous intended person.
in addition to this reply: i read in february 2005 issue of PC World magazine it only takes less than 4 minutes for a computer to be scanned and/or attacked once they are connected to the internet.
The same thing happened with OSX. Well, that is until Apple started releasing security updates just as frequently as Microsoft.
They are releasing them, but not quite as fast as M$, but do have (5) so far this year (most averaging 5-10 mb):
2005-01-29 15:41:37 -0500: Installed "Security Update 2005-001" (1.0)
2005-02-23 21:33:56 -0500: Installed "Security Update 2005-002" (2.0.0)
2005-04-08 22:01:25 -0400: Installed "Security Update 2005-003" (1.0)
2005-04-21 08:36:08 -0400: Installed "Security Update 2005-004" (1.0)
2005-05-08 01:04:09 -0400: Installed "Security Update 2005-005" (1.0)
Wasn't trying to start the OS War again, was only noting that a lot of times it is a combination of apps and OS, not just apps. If the OS underneath is flawed, any app sitting on top of it is as well (sim to the php flaws a while back).
I've commented before, I believe the reason most "hackers" do not go after other non-Win boxes is because they are for the most part script kiddies who download their goodies and see what damage they can do. Anyone truly skilled enogh to break into a *nix box is not going to waste their time on the iBook (through both the router and software firewalls).
middleground: Yes, but each of those updates closed up numerous holes. The last one, 2005-005, fixed no less than 20 vulnerabilities. Microsoft usually (but not always) releases one update per vulnerability.
But it seems there are some real diehard anti-microsoft people that think IE is the only browser vulnerable. I remember a post in a forum on another site where a poster asked what they could do to protect themselves 100% against these attacks when online and several people were jumping in saying to get rid of IE and get a "Real" browser like FF. Some people are/were under the impression that FF was invincible to attacks and seemed to have a false sense of security just because they stopped using the evil IE. My answer was similar to what zc923 said in this thread---Unplug your machine and don't connect to the internet anymore.
Also, I think there will be more of these vulnerabilities discovered in FF as it gains in popularity.
Also, I think there will be more of these vulnerabilities discovered in FF as it gains in popularity.
and more scripted JUST for FF also.
PunBB Forums → General discussion → FireFox Security Flaw
Powered by PunBB, supported by Informer Technologies, Inc.