| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 57685 | 2005-05-09 21:28:00 | Firefox vulnerability rated extremely critical | Strommer (42) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 353760 | 2005-05-10 22:49:00 | Thanks zqwerty for telling us "how to lock down the browser". I will sleep easier tonight. :thumbs: | smithie 38 (6684) | ||
| 353761 | 2005-05-11 12:06:00 | "Locking down" the browser, the answer I was looking for: disabling Javascript functionality and the "Allow web sites to install software" option. the last found here: Tools/Options/Web features Thanks. Good to know. I was under the assumption that all web browswers would have a message box asking permission from the user whether they want the software installed or not. :confused: So if a browser is not 'locked down' as you explain above, does software automatically install, without the user's permission? I am not referring to trojans or other malicious intrusions. |
Strommer (42) | ||
| 353762 | 2005-05-11 12:27:00 | I think that is what the vulnerability is, normally when you go to a site you go through the familiar dialogue but on a malicious site, you may click on a link "X", say, and this will initiate an instal without the usual dialogue because at the moment it can be circumvented by the "correct" coding on the site which causes Firefox to instal without dialogue. Normally on a friendly site the coding would be the one which would initiate the usual routine. This must have been an oversight in the original setup which was either forgotten about or the implications were not realized until now. In other words there are two ways that an instal can take place but up until now we were only aware of the one with dialogue. Both have always been there but now someone has realized that it can be used to instal malicious code without the owner of the browser being aware of the process. I stress that this is what I have deduced must be going on, but, I could be WRONG. |
zqwerty (97) | ||
| 353763 | 2005-05-11 12:31:00 | Sounds right to me! Thanks for the clear explanation. | Strommer (42) | ||
| 353764 | 2005-05-11 13:12:00 | You're welcome, I try do my best. | zqwerty (97) | ||
| 1 2 | |||||