| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 81189 | 2007-07-19 16:02:00 | Firefox Updates: IE STILL A Dumb Idea To Use. | SurferJoe46 (51) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 570401 | 2007-07-19 16:02:00 | Mozilla has rolled out Firefox 2.0.0.5 with patches for a total of 9 nine vulnerabilities, including cover for the controversial IE-to-Firefox code execution attack vector. (blogs.zdnet.com) Even after plugging the hole, Mozilla inserted a blunt message into its alert: This patch does not fix the vulnerability in Internet Explorer. The open-source group is also urging Web surfers to use Firefox to browse the web “to prevent attackers from exploiting this problem in Internet Explorer.” [ SEE: Microsoft should block that IE-to-Firefox attack vector ] (blogs.zdnet.com) Mozilla’s stance that there’s a critical flaw in Microsoft’s IE that puts Windows users at risk is also shared by Thor Larholm, one of the hackers who found/disclosed the bug. The latest from Larholm spells out the risk scenario: "I can still automatically launch a wide range of external applications from Internet Explorer and provide them with arbitrary command line arguments. AcroRd32.exe (Adobe Acrobat PDF Reader), aim.exe (AOL Instant Messenger), Outlook.exe, msimn.exe (Outlook Express), netmeeting.exe, HelpCtr.exe (Windows Help Center), mirc.exe, Skype.exe, wab.exe (Windows Address Book) and wmplayer.exe (Windows Media Player) - just to name a few… I can categorically deny that this flaw has been fixed in Internet Explorer. Nicolas Robillard even detailed this flaw back in 2004 and it has remained unpatched since long before then." LINK: blogs.zdnet.com |
SurferJoe46 (51) | ||
| 570402 | 2007-07-20 00:54:00 | I have made a point of not using either Microsoft IE or Outlook, and nothing will convince me to use these shonky insecure Microsoft products, Microsoft has always beeen in too much of a hurry to get their products to market, and it is obvious their test regimes are sadly lacking in the rigor necessary to guarantee a secure reliable product - and to add insult to injury, they get away with unfair competitive tactics making it very hard to use competitive products. It is a bloody shame that there has not been a successful class action against Microsoft for compensation for economic loss due to faulty software. |
KenESmith (6287) | ||
| 570403 | 2007-07-20 02:04:00 | On a related note, how do you stop Firefox from downloading automatic updates? I've turned off "Automatically check for updates to Firefox" in the options but the Help menu still says "Downloading Firefox 2.0.0.5". How do I stop it from trying* to download? *It never succeeds, I think it doesn't like my proxy server. |
Nermal (7077) | ||
| 570404 | 2007-07-20 05:47:00 | Nermal: I don't understand why you'd WANT to disable them...the last one was to fix a problem that crossed over from IE..so Firefox is on your side. Besides, I don't think the 2.0.0.5 was optional anyway..you get it and enjoy it..or we break yo' knees .....see? Now I just gotta see what they are gonna do for Flash to work again. |
SurferJoe46 (51) | ||
| 570405 | 2007-07-20 10:10:00 | As mentioned, the automatic updates never download, it shows "downloading" in the Help menu but never actually downloads. I've already downloaded and installed 2.0.0.5 manually, but it's still attempting to download the automatic update. | Nermal (7077) | ||
| 1 | |||||