Announcement

Collapse
No announcement yet.

'Moderately Critical' Vulnerability in Firefox

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 'Moderately Critical' Vulnerability in Firefox

    Looks like Mozilla isn't the panacea that so many people make it out to be. No sooner has Microsoft fixed a hole that allows the browser to run executables without intervention from the user than Mozilla develops its own flaw in the same ilk.

    Firefox 0.9.2 has been released to deal with the problem.

  • #2
    Only affects Windows though.

    Comment


    • #3
      ftp://ftp.mozilla.org/pub/mozilla.or...shellblock.xpi fixes it or you could upgrade to 0.9.2 / 1.7.1
      Scott MacVicar

      My Blog | Twitter

      Comment


      • #4
        This only affects Windows. If you use Mac/Linux you are unaffected. As for this...

        No sooner has Microsoft fixed a hole that allows the browser to run executables without intervention from the user than Mozilla develops its own flaw in the same ilk.
        No sooner? It took Microsoft a week to fix a hole in IE after a known wild exploit, it took Mozilla a day after a known exploit.
        TheologyWeb. We debate theology. srsly.

        Comment


        • #5
          Remember, this is actually a Windows hole that Mozilla has patched for Microsoft. Hence why it doesn't appear in other OS's or other versions of Windows, and why it was fixed in XP SP2.
          Last edited by CeleronXT; Fri 9 Jul '04, 8:54am.
          "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
          "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
          Utopia Software - Current Software: Utopia News Pro (news management system)

          Comment


          • #6
            I knew this would happen, with all the press saying not to use Internet Explorer, hackers are going to look for exploits in the alternatives since they know people will be flocking to other browsers.

            Comment


            • #7
              not being offensive, but hasn't vBulletin had it's own fair share of security risks?

              most software will have bugs

              Comment


              • #8
                Originally posted by assassingod
                I knew this would happen, with all the press saying not to use Internet Explorer, hackers are going to look for exploits in the alternatives since they know people will be flocking to other browsers.
                AFAIK, (though of course this could be wrong) there is no 'wild' exploit making it's rounds. Just demonstrations of this vulnerability.

                It was discovered before attackers even started using it, apparently.

                Finding exploits this way(before attackers get a chance to use it, and especially before FF 1.0) is a good thing so they can be fixed quickly and make Mozilla overall more secure.

                The question isn't whether there are security holes(there are holes in vBulletin), but whether the good guys find them before the bad guys get to use them. The good guys won this time.
                TheologyWeb. We debate theology. srsly.

                Comment


                • #9
                  Ugh... remember, this is a flaw in WINDOWS. Why are you criticising Mozilla for it?

                  AFAIK it affects any browser running on a Windows computer.

                  Comment


                  • #10
                    Originally posted by Marco
                    Ugh... remember, this is a flaw in WINDOWS. Why are you criticising Mozilla for it?

                    AFAIK it affects any browser running on a Windows computer.
                    Because people fail to read. :P
                    "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
                    "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
                    Utopia Software - Current Software: Utopia News Pro (news management system)

                    Comment


                    • #11
                      Originally posted by megahard
                      not being offensive, but hasn't vBulletin had it's own fair share of security risks?

                      most software will have bugs
                      they are not denieing that, kier is just pointing out to the people that are now browsing forums all over the world with messages like "IE sucks, lots of security holes. use firefox it doesnt have security holes and is written for security" etc etc. were wrong
                      Originally Posted by Zachery
                      John originally presented vBulletin to Infopop, they didn't take it, so he took it and sold it

                      Originally Posted by Martin
                      We had to do a lot of arm twisting to get him to do it, though. I would imagine he still hates us.

                      Comment


                      • #12
                        why hate firefox T_T? IE would have been more ****ty if it was the only browser in the world...
                        "mewwwwwwwwwww~!" - darkroomfiction.com

                        Comment


                        • #13
                          I think that all software has some flaws, like someone pointed out so does vbulletin, but the reason is because all the software that usually get hacked are really popular software. You never see some small software board thats barely starting out to have security issues, or some browser thats just beginning. Hackers will attack software that is being used by millions of people and in this case IE and vbulletin fall under the category.
                          http://www.bitmonkeys.com - Visit us

                          - nVaux

                          Comment


                          • #14
                            Originally posted by _| () R | Z
                            they are not denieing that, kier is just pointing out to the people that are now browsing forums all over the world with messages like "IE sucks, lots of security holes. use firefox it doesnt have security holes and is written for security" etc etc. were wrong
                            Once again, ignoring the fact that this is a Windows hole, not a Firefox hole. Fx is still written for security. Please read.
                            "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
                            "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
                            Utopia Software - Current Software: Utopia News Pro (news management system)

                            Comment


                            • #15
                              If you really care about security, you should quit Windows
                              Raz - KMC Forums

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X