Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

New Vulnerability in Firefox Browser

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » The DU Lounge Donate to DU
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:12 AM
Original message
New Vulnerability in Firefox Browser
New Vulnerability in Firefox Browser

A vulnerability has been reported in Firefox which could allow malicious sites to compromise computers running the browser. The security hole, which is rated highly critical by Secunia, affects all versions, including Firefox 1.0.6 and earlier and the just-released beta version of Firefox 1.5. An attack can be created using a specially-crafted URL, which will cause a buffer overflow in Firefox that results in a denial of service and, in some cases, remote code execution.

The flaw was discovered by researcher Tom Ferris of Security Protocols, who found an error in the way Firefox handles URLs (see description here). The vulnerability has been reported to the Mozilla Foundation, which is preparing a fix.

http://secunia.com
Printer Friendly | Permalink |  | Top
Chichiri Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:13 AM
Response to Original message
1. Keep us posted.
I just updated to 1.5 beta last night.
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:16 AM
Response to Original message
2. Hmm... The one vulnerability in Firefox or the 3,000+ in IE.
How do I decide?

:shrug:
Printer Friendly | Permalink |  | Top
 
miss_kitty Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:21 AM
Response to Reply #2
3. The one vulnerability in Firefox
which will be fixed sharpish by a small effective patch or the 3,000+ in IE that won't be fixed for years and only then the patch will be larger than the OS and still not work.

I know Prag. Some decisions are just plain tough.
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:22 AM
Response to Reply #3
4. ;)
My patches have patches.

:)
Printer Friendly | Permalink |  | Top
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:23 AM
Response to Reply #2
5. "The one vulnerability in Firefox"
Firefox has had 18 security Issues In 2005, and Internet Explorer has had 11 In 2005.

Firefox - 2005
18 security Issues
http://secunia.com/product/4227/#advisories_2005

Internet Explorer - 2005
11 security Issues
http://secunia.com/product/11/#advisories_2005

Opera 8 - 2005
6 security Issues
http://secunia.com/product/4932/#advisories_2005

Firefox's Market Share Slips; IE Rises
http://www.internetweek.com/news/168601335
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:26 AM
Response to Reply #5
7. Hrm... And when will the vulnerabilities in IE be fixed?
They'd have to trash Windows to do it.
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:28 AM
Response to Reply #7
9. Also, MS reports "multiple vulnerabilities" as one vulnerability.
As in this case...

http://secunia.com/advisories/14922/
Printer Friendly | Permalink |  | Top
 
Commie Pinko Dirtbag Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:36 AM
Response to Reply #9
12. Good catch.
I feel like I'm watching a Republican trying to convince us only Democrats are at fault for the Katrina blunders.
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 12:07 PM
Response to Reply #12
17. Thanks Mr. Dirtbag...
Wasn't easy... I was still reeling from the skewed
Zogby Poll flying around yesterday.

The *only* thing it proved was an over representation
of Reaganites.

*whew*
Printer Friendly | Permalink |  | Top
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 12:11 PM
Response to Reply #12
18. A typical response
I would expect from a Firefox fanboy, behave like a freeper and try to Insult others.

Printer Friendly | Permalink |  | Top
 
Commie Pinko Dirtbag Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 12:38 PM
Response to Reply #18
19. I advise you to look up the concept of analogy
Nah, I'm in a good mood; I'll do it for you: http://en.wikipedia.org/wiki/Analogy
Printer Friendly | Permalink |  | Top
 
Kellanved Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 05:21 PM
Response to Reply #18
20. This has little to do with fanboydom
Firefox isn't perfect and the chrome concept has flaws - I don't think anybody denies that. I have quite a lot of respect for MS, especially for people like Raymond Chan.
However:
The reported bug is serious and will be fixed shortly. Unlike the dozens of IE issues, which have a tendency to stay open for years (like the crash I posted on this thread - Microsoft doesn't even acknowledge reports about the issue).
Using IE on any public dynamic website is a security hazard.

And the MS tactic is indeed like the tactic employed by conservative parties: smear a few absurd issues of the other party (like "inventing the internet") in order to make people ignore the own major faults.
Printer Friendly | Permalink |  | Top
 
Kellanved Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:29 AM
Response to Reply #5
10. IE's Javascript implementation is a huge security issue
Edited on Fri Sep-09-05 11:39 AM by Kellanved
It's just considered a feature.
And as this particular new issue is in a feature not supported by IE at all, simply disabling the international URLs will re-establish parity in this discipline.


Also: without JavaScript at all (just a few lines of non-sense HTML):


http://v146136.dd2618.kasserver.com/pub/crash.html
Printer Friendly | Permalink |  | Top
 
Commie Pinko Dirtbag Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:39 AM
Response to Reply #10
13. That didn't crash my Mozilla. What it is supposed to do to IE? (nt)
Printer Friendly | Permalink |  | Top
 
Kellanved Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:40 AM
Response to Reply #13
14. Of course not. But it will crash IE.
:D
Printer Friendly | Permalink |  | Top
 
Commie Pinko Dirtbag Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:41 AM
Response to Reply #14
15. Even the latest of the latest? (nt)
Printer Friendly | Permalink |  | Top
 
Kellanved Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:42 AM
Response to Reply #15
16. AFAIK yes.
It does crash mine (it came with the OS, you know ;-) ) which should be up-to-date.
Printer Friendly | Permalink |  | Top
 
miss_kitty Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:30 AM
Response to Reply #5
11. .
:spray:

How's the clunkfest SP2 working for ya?

:rofl:
Printer Friendly | Permalink |  | Top
 
no name no slogan Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:24 AM
Response to Original message
6. Go Mozilla!
I'm a bit partial to Opera myself, but I'd trust Firefox before IE any day.
Printer Friendly | Permalink |  | Top
 
LaPera Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Sep-09-05 11:28 AM
Response to Original message
8. I see more and more problems and things I don't like about Firefox...
Not to mention more pop-ups...
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Fri May 03rd 2024, 01:56 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » The DU Lounge Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC