| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 57685 | 2005-05-09 21:28:00 | Firefox vulnerability rated extremely critical | Strommer (42) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 353750 | 2005-05-09 21:28:00 | Exploit code chases two Firefox flaws Published: May 9, 2005, 8:14 AM PDT Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them. The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday. Read more here (news.com.com) |
Strommer (42) | ||
| 353751 | 2005-05-09 22:04:00 | Mozilla recommended that Firefox users either disable JavaScript or lock down the browser so it doesn't install additional software, such as extensions or themes, from Web sites. - from: www.techspot.com |
Strommer (42) | ||
| 353752 | 2005-05-10 03:31:00 | So does this mean that supposing I clicked on the disguised .Xpi instal code somewhere on a dastardly site, I would not get the normal dialogue coming up in the Extensions window on whether I do want to complete the instal or not. How does one "lock down the browser" officially? |
zqwerty (97) | ||
| 353753 | 2005-05-10 04:54:00 | Exploit code chases two Firefox flaws Published: May 9, 2005, 8:14 AM PDT Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them. The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday. Read more here (news.com.com) Which just shows you MS and IE are not that bad afterall. You only hear about them because so many people use them. As more and more people use FireFox you will see more and more flaws. Programmers are only human too. |
Big John (551) | ||
| 353754 | 2005-05-10 05:24:00 | I think not. Because you have one badly written hole-ridden rubbish browser and then another comes along which is also found to have flaws and holes does not make the first one any better, You just end up with 2 pieces of rubbish. | pctek (84) | ||
| 353755 | 2005-05-10 05:28:00 | Which just shows you MS and IE are not that bad afterall. You only hear about them because so many people use them. As more and more people use FireFox you will see more and more flaws. Programmers are only human too. Yes. If you want a balanced view though, you should have a good look through Secunia (www.secunia.com), and the Sans Top 20 Vulnerability List (www.sans.org/top20). Very boring, but more balanced and complete than the newsbites you get in the popular press. |
vinref (6194) | ||
| 353756 | 2005-05-10 09:36:00 | As long as the only two sites that you have listed to automatically install software is; addons.mozilla.org and updates.mozilla.org then you'll be ok for the installation of updates and themes. Just don't get them from any other sites until a patch comes out. The thing with using FF is that it is harder for dirtbags to exploit the OS from it as it is not embedded in the OS. |
Murray P (44) | ||
| 353757 | 2005-05-10 14:41:00 | "Locking down" the browser, the answer I was looking for: disabling Javascript functionality and the "Allow web sites to install software" option. the last found here: Tools/Options/Web features |
zqwerty (97) | ||
| 353758 | 2005-05-10 14:45:00 | By the way, Firefox 1.0.4 will be released soon, from here: news.softpedia.com |
zqwerty (97) | ||
| 353759 | 2005-05-10 17:14:00 | Or you could download a nightly build. | vapo (5203) | ||
| 1 2 | |||||