2 Firefox Security Flaws Lead to Exploit Potential

timothy posted more than 9 years ago | from the live-dangerously dept.

Mozilla 417

Marthisdil points out a News.com story which reports that "Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them." Security firm Secunia reported the vulnerabilities (and the "extremely critical" rating is theirs), but the News.com story points out that thus far, "no known cases have yet emerged where an attacker took advantage of the public exploit code." Update: 05/09 20:20 GMT by T : Rebron of the Mozilla Foundation sends a correction; this is really the same flaw reported yesterday. He suggests that you glance at the Mozilla security alert on this hole (as well as other alerts at the Mozilla Security Center), and says "The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit."

417 comments


(OT) Request: Help From Moderators (-1, Troll)

Antitroll Task Force (882683) | more than 9 years ago | (#12480144)

Would someone with mod points mind going back to the comments listed below and modding this page-widening, crap-flooding troll into oblivion? With enough downmods, we can ban his subnet from posting and/or nail his list of open proxies. Those of us browsing with smaller screens, especially, would appreciate your help.

  1. #12474871 [slashdot.org]
  2. #12479293 [slashdot.org]
  3. #12479180 [slashdot.org]
  4. #12474734 [slashdot.org]
  5. #12479062 [slashdot.org]
  6. #12478939 [slashdot.org]
  7. #12474684 [slashdot.org]
  8. #12478810 [slashdot.org]
  9. #12478687 [slashdot.org]
  10. #12474635 [slashdot.org]
  11. #12478537 [slashdot.org]
  12. #12478407 [slashdot.org]
  13. #12474566 [slashdot.org]
  14. #12478260 [slashdot.org]
  15. #12478176 [slashdot.org]

I apologize for the offtopic nature of this request, but please keep it at this score for other moderators to see (i.e. don't mod me down). Thanks.

Re:(OT) Request: Help From Moderators (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480194)

You act like someone who never even saw a GNAA post. You're just gonna aggravate the mods, you know this, right?

Anyway, welcome to Slashdot.

Re:(OT) Request: Help From Moderators (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480200)

Yes, everybody, waste points modding down an AC!

Re:(OT) Request: Help From Moderators (0, Troll)

Shut the fuck up! (572058) | more than 9 years ago | (#12480263)

Nobody gives a shit about Trolltalk [slashdot.org] expect fags like you. You get what you deserve. So shut the fuck up!

Re:(OT) Request: Help From Moderators (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480318)

get a job faggot

Fris prost! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480146)

Oh yes :P

FP? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480147)

Anyone's got a torrent?

First post!!!

FiberFHAX is teh SUXXORAS (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12480153)

LOAL DUDES!!!

USE SAFEARI ON OH ESS EX!

Reason: Don't use so many caps. It's like NAMBLA.

First post (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12480155)

yeah!

IE (4, Funny)

blake3737 (839993) | more than 9 years ago | (#12480157)

I smell scandal, it was Bill Gates who wrote the code and you know it. It's like the SetErrors flag in Windows (Fp maybe?)

Re:IE (1)

blake3737 (839993) | more than 9 years ago | (#12480205)

Apparently Flamebait and sarcasm are the same thing on /. now.

sorry.. (2, Insightful)

rootedgimp (523254) | more than 9 years ago | (#12480158)

I don't mean to be trolling/flamebait, but please mod me accordingly if I am.

do we really need to see it posted here, every time
a firefox sploit is found?

gettin me all excited for nothing :/

Re:sorry.. (5, Insightful)

ViperG (673659) | more than 9 years ago | (#12480214)

Well, I would agree, but then why does slashdot post every IE bug that comes up?

Re:sorry.. (1)

rootedgimp (523254) | more than 9 years ago | (#12480258)

perhaps we should have neither, or perhaps slashdot should have their own category... bugs :) just use the same borg gates icon or maybe make a cute lil windows logo icon :D

Re:sorry.. (2)

ProfaneBaby (821276) | more than 9 years ago | (#12480298)

Neither would be best, but it won't happen. Therefore, both is more fair than Windows/IE only.

Fortunately, this type of posting is actually informative - most people don't follow the mailing lists and wouldn't have known any other way. Unfortunately, it's also a great way to start flamewars.

Win one, lose one, life moves on.

Re:sorry.. (0)

Anonymous Coward | more than 9 years ago | (#12480242)

do we really need to see it posted here, every time a firefox sploit is found?

Yes. What other excuse would we have for yet another hundred pages of "Firefox sux!" "No, Explorer sux!" and so on?

Re:sorry.. (2, Interesting)

MankyD (567984) | more than 9 years ago | (#12480278)

We hear about it every time IE has an exploit - and most people flame MS like it hasn't already gone out of style. Why should Mozilla be immune to such treatment?

...obligatory (4, Funny)

op12 (830015) | more than 9 years ago | (#12480421)

Welcome to Slashdot, you must be new here.

Dupe... (4, Informative)

RichM (754883) | more than 9 years ago | (#12480160)

And... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480315)

Like with the Apple dupe earlier, it will be deleted soon.

Yay slashdot editors!

See! See! (2, Insightful)

Anonymous Coward | more than 9 years ago | (#12480161)

Exploits rise with popularity. Watch out desktop linux.

Re:See! See! (0)

Anonymous Coward | more than 9 years ago | (#12480224)

Bug reports will increase with popularity, you're right. We kinda knew this already, though.

Re:See! See! (0, Redundant)

Kingofearth (845396) | more than 9 years ago | (#12480232)

Except it hasn't been exploited, it's only a hole that could be exploited and will most likely be patched in a week or so.

Besides, it only works if you added sites to your whitelist other than the default Mozilla update ones.

Re:See! See! (2, Insightful)

ProfaneBaby (821276) | more than 9 years ago | (#12480330)

There was another critical hole that didn't require the whitelist addition.

Yes, Firefox will be updated.
No, not everyone who runs Firefox will update.
Yes, the hole will be used to install viruses and spyware.
No, installing Firefox once is not a single solution to surfing the internet safely - you still have to update, just like Windows Update/IE.

Re:See! See! (4, Informative)

Master of Transhuman (597628) | more than 9 years ago | (#12480346)

Correct.

One report says as follows:

Because the foundation controls all sites in the default software installation white list, it has been able to take preventative action by placing more checks in the server-side Mozilla Update code and moving the update site to another domain.

The foundation said users who have not added any additional sites to their software installation white list are no longer at risk.

So one down, the other to be fixed shortly.

News for Nerds? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480162)

It is rather sad that this story showed up on my wife's my yahoo page before it showed up on slashdot.

Re:News for Nerds? (3, Funny)

Anonymous Coward | more than 9 years ago | (#12480268)

You just missed it the first 3 times.

white linux won't be vulnerable to these exploits (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12480166)

Seems the owner of the whiteboxlinux.net [whiteboxlinux.net] and whiteboxlinux.com [whiteboxlinux.com] domains has decided to offer them on ebay [ebay.com] as a peace offering between wbel and himself.

This is really great news so let's hope someone with WBEL enthusiasm steps up to build a respectable community site.

asdasd (2, Insightful)

securehack5 (880712) | more than 9 years ago | (#12480168)

Seriously this is getting repetitive. There are always flaws. Just update your browser and hope it doesn't become the next iexplore.

Re:asdasd (3, Insightful)

Dionysus (12737) | more than 9 years ago | (#12480326)

Hmmm... this bug affects Firefox 1.0.3. Going to mozilla.org, there is no update to 1.0.3. The browser hasn't notified me that there is an update available. So where is the update? Or do you expect people to download the nightly?

And to think... (5, Funny)

oskard (715652) | more than 9 years ago | (#12480173)

I JUST got through explaining to my parents why Firefox is a safer alternative.

Re:And to think... (0)

joebp (528430) | more than 9 years ago | (#12480252)

It's not safer than Internet Explorer, just less exploited. There is nothing in FireFox's architecture which makes it a more secure alternative to IE. It still contains a scripting-language interface to local file storage, networking and so on. WHY does a web browser need scriptable access to local storage? The answer is it doesn't, and the weak barrier placed between internet-sourced pages and local-sourced pages is continually and repeatedly penetrated with these Firefox vulns, as with IE local zone hopping vulns.

Avoid Firefox if you want secure, trustable web browsing. Consider other Gecko browsers (Epiphany, K-Meleon, etc.), Konqueror and Opera as alternatives.

Re:And to think... (1, Informative)

Anonymous Coward | more than 9 years ago | (#12480352)

There is nothing in FireFox's architecture which makes it a more secure alternative to IE.

Except for the lack of ActiveX support.

Re:And to think... (1)

Malc (1751) | more than 9 years ago | (#12480361)

If these are JavaScript vulnerabilities, then won't they exist in anything that uses Gecko?

Re:And to think... (3, Informative)

tehshen (794722) | more than 9 years ago | (#12480429)

No, these are XUL vulnerabilities, which are not present in Gecko, only in Mozilla/Firefox. I can make a FileSystem ActiveX in Javascript and that's IE's fault, for another example.

Re:And to think... (-1, Offtopic)

oskard (715652) | more than 9 years ago | (#12480385)

Thank you, +5 Funny

Re:And to think... (0)

Anonymous Coward | more than 9 years ago | (#12480331)

Your exerting effort of leaving your basement has all been for nought!

Re:And to think... (1)

bcs_metacon.ca (656767) | more than 9 years ago | (#12480359)

Read the Firefox code and prove it to yourself, or find someone you trust and get them to do it for you. Too bad you can't read the IE code to get the same level of assurance. And do you trust Bill? :-)

Re:And to think... (1)

oskard (715652) | more than 9 years ago | (#12480430)

Yeah interesting point though. If I can't read the code to figure out what exploits are possible, that means other people can't. Internet Explorer exploits are typically found by accident. I suppose, in the open source browsers, people could just sit around searching for exploits. So do I trust Bill? I have no fucking clue :D

Re:And to think... (4, Informative)

MikeFM (12491) | more than 9 years ago | (#12480408)

Does Microsoft offer bounties to those who find, and alert them to, security problems? Not as far as I know. This, along with the open-source nature of Firefox will eventually make it mature into a more solid product than IE is likely to be unless Microsoft changes its attitude. Security is, and always has been, a goal with Firefox. That just isn't true of IE. Also Firefox has the benefit of 20/20 hindsight with its design as it was designed after many important types of exploits were discovered whereas IE's codebase is much older.

Overall, I think Firefox is more secure than IE and will just grow to be increasingly more secure with time. That doesn't mean it is flawless. :)

Don't downplay it (4, Insightful)

Anonymous Coward | more than 9 years ago | (#12480176)

Come on, timothy. This is hardly the time to be downplaying the severity, even though we all like Firefox. There are undoubtedly people using the posted code, and they wouldn't be likely to tell News.com about it. Everyone should upgrade immediately.

Who's downplaying it? (0)

Anonymous Coward | more than 9 years ago | (#12480288)

If anything, news.com are, ehm, playing it up.

And just for your information, there is right now nothing to upgrade to, as a new firefox version which fixes the bug is expected shortly, but is not here yet.

However, if you really want to be on the safe side, just open preferences and disable Allow web sites to install software under web features.

Bug Details (5, Informative)

Talian (746379) | more than 9 years ago | (#12480179)

Before everyone freaks out, take a look at the bug notes to get the details.

Exploitation requires the javascript bug AND a whitelisted site. The only default whitelisted site is the update.mozilla.org, and they have made changes to mitigate the problem on their end.

So unless you've whitelisted a lot of extra sites to install themes or extensions, this is not a huge risk. To be sure, disable install "Allow websites to install software" under options | web features, and if really worried, disable javascript.

Re:Bug Details (0)

Ark42 (522144) | more than 9 years ago | (#12480220)

Yeah, I don't really see how this "exploit" is really an exploit at all. If you whitelist a site, that means you can already install an XPI from that site. Extensions can easily do "bad" things of one sort or another (delete bookmarks or hide all the GUI widgets or something). You have to go add a site to the whitelist, it isn't like it can add itself somehow. This "exploit" does not really seem it should be labeled as "critical" because it's NOT the type of exploit where you can get malware installed with NO user interaction simply by visiting any old random site.

Re:Bug Details (5, Informative)

That's Unpossible! (722232) | more than 9 years ago | (#12480283)

Yeah, I don't really see how this "exploit" is really an exploit at all. If you whitelist a site, that means you can already install an XPI from that site. Extensions can easily do "bad" things of one sort or another (delete bookmarks or hide all the GUI widgets or something). You have to go add a site to the whitelist, it isn't like it can add itself somehow.

RTFA. The site that runs the exploit does not have to be on the site you whitelisted. Part of the exploit is that it can pretend to be a site you whitelisted. The other part is that it can sneak in some javascript code where it shouldn't be able to (an icon url).

Contrary to the grandparent post, it is not enough that mozilla has updated their site. That mitigates only part of the problem, and only if you haven't whitelisted other sites.

Until 1.0.4 comes out, disable javascript.
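The icon-URL point in the comment above, seen from the defender's side, as an added example that is not part of the thread and not Mozilla's code: a page-supplied icon URL is resolved and accepted only if its scheme is on an allowlist, next to a blocklist check that matches a single spelling. Function names, host names and sample strings are constructed for illustration.

```javascript
// Added example (not from the thread, not Mozilla code): allowlist the scheme
// of a page-supplied icon URL instead of blocklisting "javascript:".
// All names, hosts and sample strings below are constructed for illustration.

const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// Blocklist-style check, kept only for comparison: it matches one exact
// spelling, so case changes or stray whitespace slip past it.
function naiveIconCheck(iconUrl) {
  return !iconUrl.startsWith("javascript:");
}

// Allowlist check: resolve the value against the page URL with the WHATWG URL
// parser (which lowercases the scheme and strips tabs, newlines and leading
// spaces, as a browser would), then accept only known-good schemes.
function isSafeIconUrl(iconUrl, pageUrl) {
  if (typeof iconUrl !== "string" || iconUrl.length === 0) return false;
  let resolved;
  try {
    resolved = new URL(iconUrl, pageUrl);
  } catch (err) {
    return false; // unparseable input is rejected, not guessed at
  }
  return ALLOWED_ICON_SCHEMES.has(resolved.protocol);
}

// Run both checks over a list of candidate icon URLs.
function auditIconUrls(iconUrls, pageUrl) {
  return iconUrls.map((iconUrl) => ({
    iconUrl,
    naive: naiveIconCheck(iconUrl),
    allowlist: isSafeIconUrl(iconUrl, pageUrl),
  }));
}

// Constructed sample input: the page requesting the install and the icon
// values it might supply.
const SAMPLE_PAGE = "https://extensions.example/install.html";
const SAMPLE_ICONS = [
  "icons/theme.png",              // relative URL, resolves to https
  "https://cdn.example/icon.png", // absolute https URL
  "javascript:void(0)",           // caught by both checks
  "JavaScript:void(0)",           // mixed case
  "  javascript:void(0)",         // leading spaces
  "java\tscript:void(0)",         // embedded tab
  "data:image/png;base64,AAAA",   // not script, but not on the allowlist
];

for (const row of auditIconUrls(SAMPLE_ICONS, SAMPLE_PAGE)) {
  console.log(JSON.stringify(row.iconUrl),
    "naive:", row.naive, "allowlist:", row.allowlist);
}
```

The last four samples pass the blocklist check and are rejected by the allowlist, which is the reason to validate the parsed scheme rather than the raw string.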

Re:Bug Details - Poison DNS (4, Insightful)

Chairboy (88841) | more than 9 years ago | (#12480281)

So combine this with a poisoned DNS attack. update.mozilla.org resolves as your malware server, then you use this exploit.

Sure, it makes it a little harder to execute than, say, something like Nimda that could run free across the internet, but it's still a valid security issue.

hooray for handwaving (1)

rebug (520669) | more than 9 years ago | (#12480362)

No bug here...

Jesus H. Christ on a Hot Cross Bun, man, what does it take for you to consider something a problem? Does it have to burn your house down before you accept that yes, this is indeed a serious issue?

Dupe from yesterday (0)

Anonymous Coward | more than 9 years ago | (#12480183)

Dupe

IE is safest... (0, Troll)

*themotterfukker* (720134) | more than 9 years ago | (#12480188)

will be claimed in the topic of the zealotry propaganda news medias 'friendly' to Microsoft, in the next few days, beware!

make it stop! (0, Flamebait)

justforaday (560408) | more than 9 years ago | (#12480191)

Won't someone end this duplicity?!?

Re:make it stop! (1)

ergo98 (9391) | more than 9 years ago | (#12480306)

http://www.answers.com/duplicity&r=67 [answers.com]

Of course, maybe that's what you meant...

Re:make it stop! (1)

ergo98 (9391) | more than 9 years ago | (#12480394)

Bah disregard my post I was being a dumbass again.

Re:make it stop! (0)

Anonymous Coward | more than 9 years ago | (#12480328)

The only thing that we could realize about all this crap is that editors DON'T READ Slashdot... kuro5hin anyone?

dupe? (0, Flamebait)

davez0r (717539) | more than 9 years ago | (#12480198)

dupe? [slashdot.org]

This is not a Dupe!!!1111!!!11 (0)

Anonymous Coward | more than 9 years ago | (#12480206)

The news here is that news.com is running a sensationalist story, that doesn't provide anything new, but is always good for page hits.

Again:
This is not a Dupe!!!11!!!11

Dupe or YAFFF ? (0, Redundant)

alexhs (877055) | more than 9 years ago | (#12480213)

Dupe or Yet Another FireFox Flaw ? Nah, easy to guess on Slashdot...

Mozilla's Security? (5, Insightful)

sterno (16320) | more than 9 years ago | (#12480215)

Mozilla and Firefox have been recommended as alternatives to IE for security reasons. Yet, lately, it seems that there's quite a lot of security problems being uncovered in Firefox. So I'm trying to figure out how to read this.

I suspect that Firefox is somewhat more secure on the simple basis that it is not as tightly integrated with the rest of the operating system as IE is. What makes IE exploits so nasty is that they tend to become email and other exploits too.

My concern is that if Firefox gains some more ground and does become a more active target for exploits, that it may become a poster child Microsoft can use to point out that open source software's "many eyes" theory is hogwash. Maybe it is hogwash.

Re:Mozilla's Security? (0)

Anonymous Coward | more than 9 years ago | (#12480256)

Just going to quote what someone else posted above you, since NO ONE seems to be reading the fucking article.

-
Before everyone freaks out, take a look at the bug notes to get the details.

Exploitation requires the javascript bug AND a whitelisted site. The only default whitelisted site is the update.mozilla.org, and they have made changes to mitigate the problem on their end.

So unless you've whitelisted a lot of extra sites to install themes or extensions, this is not a huge risk. To be sure, disable install "Allow websites to install software" under options | web features, and if really worried, disable javascript.
-

Re:Mozilla's Security? (0)

Anonymous Coward | more than 9 years ago | (#12480335)

I am waiting to see how long it takes for a patch/upgrade to fix the problem.
That is how I gauge better secure software.

Re:Mozilla's Security? (2, Interesting)

garcia (6573) | more than 9 years ago | (#12480353)

it may become a poster child Microsoft can use to point out that open source software's "many eyes" theory is hogwash. Maybe it is hogwash.

I don't run Firefox because I find it inferior to IE in rendering pages as they were intended (yes, we live in an IE world, deal with it).

As far as "many eyes" being hogwash, I can't agree. Even though these exploits were found recently work has been done to make sure that the exploits are closed quickly. Some of MSFT's holes were left open for MONTHS before anything was done (and that included half-assed workarounds to stop the problems).

While Firefox may not be the best browser for me and it might not be as "safe/secure" as the zealots would like you to believe, the bugs *are* fixed in a much shorter timeframe because the coders DO care about their product.

Re:Mozilla's Security? (5, Insightful)

Uruk (4907) | more than 9 years ago | (#12480372)

A few points to consider when you're evaluating the security of software:

  • Security issue visibility is not the same thing as security. Just because IE has more exploits publicized (or Firefox has more) doesn't actually mean they're more or less secure, it means they're getting more public attention about their security. Important difference. If someone has an objective, quantitative, and verifiable way of measuring a piece of software's security so that we can actually make these comparisons, I'd love to see it
  • The more users use a piece of software, the more it will be targeted. But again, that's not the same thing as saying "the more it will be exploited"
  • Most users ultimately decide based on personal experience, which typically trumps abstract reporting. Have you ever had a problem with Firefox? Have you ever had a problem with IE? I'd suspect most people who switched to Firefox did it because they actually experienced a problem with IE, not because it was more ideologically pure.

Re:Mozilla's Security? (1)

caino59 (313096) | more than 9 years ago | (#12480397)

this 'critical' exploit still requires a lot of user interaction...

until it's a process that is completely transparent to the user, I won't get my panties in a bunch - and neither should you or your grandma.

for anyone educating people about firefox, I would hope they are also educating them not to click on everything that pops up.

Re:Mozilla's Security? (0)

Anonymous Coward | more than 9 years ago | (#12480398)

Don't be stupid. Every software has flaws. NOTHING is perfect. Once you can accept that then maybe you won't be so dumbfounded when a bug is found in software packages. I don't see anything in FireFox that could possibly compare on the level of IE in terms of exploitability.

Market Share (0)

MankyD (567984) | more than 9 years ago | (#12480216)

Perhaps there has been no rush to exploit it due to the fact that with 10% market share, it would not affect a wide enough user base?

Is there a patch out yet? (1)

goldspider (445116) | more than 9 years ago | (#12480218)

When was this vulnerability first introduced? How long did/has it gone unpatched? Inquiring minds want to know.

What Firefox needs is... (5, Insightful)

turbofisk (602472) | more than 9 years ago | (#12480223)

What Firefox (and the rest of the suite) needs is a good way to upgrade the software, without installing everything as a new user would... This is something they really should fix...

Re:What Firefox needs is... (0)

Anonymous Coward | more than 9 years ago | (#12480354)

It should be fixed in version 1.1

Well... (1)

turtledot (827674) | more than 9 years ago | (#12480231)

"no known cases have yet emerged where an attacker took advantage of the public exploit code"

Not yet. Been looking for an opening. Thanks for the tip!

{code code code}

:-) :-)

Apologists...Start your Engines (0, Informative)

Anonymous Coward | more than 9 years ago | (#12480234)

Vroomm..Vrooom...

"But...IE...Disable Javascript....NOT FAIR!!"

It was expected (5, Insightful)

mpontes (878663) | more than 9 years ago | (#12480236)

With the spotlight on Firefox, it's obvious a lot more crackers and hackers are going to start looking at Mozilla Foundation's code. While previously there was little incentive for crackers to exploit vulnerabilities in MoFo's code, you can't say that now, with all the attention Firefox caught.

It's up to MoFo to fix their software as soon as vulnerabilities are reported now. The play time is over, from now on it's going to be Browser Wars II: The Security Menace.

Re:It was expected (1)

vcv (526771) | more than 9 years ago | (#12480270)

I already saw this one. I'll give you a clue: The big O wins.

Re:It was expected (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12480344)

For those of you who don't know what the big "O" is, visit the link below for a screenshot.

http://tehdely.on.nimp.org/shots/march/31/023.jpg [nimp.org]

I've been saying this all along. (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12480245)

Firefox sucks, and is bloated. slashdot quit advertising this gay browser.

dupe-dee-dupe-dee-dupe (0)

Anonymous Coward | more than 9 years ago | (#12480246)

-dee-fucking-dupe [slashdot.org] !@#!!$%!@#$±!@±!±±!!!

Balanced? (4, Insightful)

PDHoss (141657) | more than 9 years ago | (#12480250)

"no known cases have yet emerged where an attacker took advantage of the public exploit code."

I appreciate this clarification. And I'm sure such a clarification will be included in the next IE bug report posted on Slashdot... Right?

PDHoss

Re:Balanced? (2, Insightful)

Uruk (4907) | more than 9 years ago | (#12480324)

Where does Slashdot say that it will provide a fair and balanced view of technology? Where does the site claim to be a source of unbiased journalistic excellence?

Isn't it incumbent upon all readers of all internet media to identify bias and understand what they're reading, and the viewpoint that it's coming from? Even when people do claim to be impartial that's necessary to do.

It's a tech site that's provided for tidbits of information, and to furnish an environment where we can all pick on each other. It ain't the New York Times. Welcome to Infotainment.

Re:Balanced? (0)

Anonymous Coward | more than 9 years ago | (#12480431)

It ain't the New York Times.

Indeed. These stories are real.

Well, usually.

Safar! (1, Funny)

ViperG (673659) | more than 9 years ago | (#12480261)

Well I'm glad I'm using my parents PowerBook with Safari atm. But when I get back home, maybe I should try and figure out a way to get Notepad to browse the net, it seems the only safe Windows alternative.

Re:Safar! (1)

bcmm (768152) | more than 9 years ago | (#12480357)

Lynx? Wget? You can download Windows builds of both.

Heres demonstration :/ (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12480269)

You Don't Want to Click on That Link...Trust Me... (1)

ultimabaka (864222) | more than 9 years ago | (#12480311)

n/t

This is It? (0, Troll)

ultimabaka (864222) | more than 9 years ago | (#12480276)

If this is the riskiest bug coming out of FireFox right now, I think I'm going to consider myself lucky. Microsoft's browser had at least one far greater bug to its IFRAME [serverpipeline.com] setup, on top of the countless other horrifying bugs running around.

Like others have said before, however, this is only the beginning for FireFox. As it gets more and more popular, more and more of these nasty bugs are going to appear and (hopefully not) be exploited. Won't stop me from enjoying FireFox, though, and it shouldn't stop anyone else either.

Oh really (0, Redundant)

Quantam (870027) | more than 9 years ago | (#12480277)

Whoa. So you mean the number of "extremely critical" holes discovered in a program varies in accordance with the number of users of the program? I never would have guessed... Gosh, you don't think that maybe IE's code really isn't worse than other browsers' after all, do you?

Re:Oh really (0, Funny)

Anonymous Coward | more than 9 years ago | (#12480322)

Dammit you troll flamebaiting asshole!!! I'm gonna mod you down, even if your post is totally on topic and totally true!!!

Rite of Passage (0, Troll)

Anonymous Coward | more than 9 years ago | (#12480280)

MS always claimed that Moz was less vulnerable to hacks and exploits due to the fact that less people were using it -- it had not yet reached critical mass. Seems that's changing....

It's bad, but maybe it signifies something good?

Proof-of-Concept (0)

Anonymous Coward | more than 9 years ago | (#12480282)

Tried the proof-of-concept and it did not work, any idea why? User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3.

Activating Flame-thrower: (0)

Anonymous Coward | more than 9 years ago | (#12480297)

Please allow the current battle of the IE/Firefox flamewars to commence.

SANS Institute declares Firefox 'Unsafe' (0)

Anonymous Coward | more than 9 years ago | (#12480300)

Well, let's be fair.

Sadly, the Linux version of Firefox cannot be updated automatically despite the apparent need for daily updates. It seems interesting that with all the extensions that have been developed for Firefox, no one came up with a way to automate the Firefox updates on Linux.

But, don't fret. I understand that an MP3 playing extension will be released later today!

Re:SANS Institute declares Firefox 'Unsafe' (0)

Anonymous Coward | more than 9 years ago | (#12480414)

This is what emerge --sync and/or apt-get update etc were made for.

Updating/Using only ONE copy of Firefox?? (2, Interesting)

Steve_Jobs_HNIC (513769) | more than 9 years ago | (#12480302)

Anyone know of a Firefox distribution that can be executed(and consequently updated just once) from a network drive or thumb drive?

I ask because I have a lot of extensions on each of my Firefox installations. I have Firefox on my desktop at work, my laptop, my home computer, my wife's computer, etc etc

Updating one computer (and then going into safe mode to find the extension that freaked out) is not that bad. But updating 5 or 10 computers can be a pain in the butt. Can I run ONE Firefox from *someplace* on the internet that has all my extensions/addons/updates?

only thing I can think of is using Remote Desktop, but then that's not what I really want to do :(

Does this affect Mozilla also? (5, Interesting)

llzackll (68018) | more than 9 years ago | (#12480305)

I'm a Mozilla user. I don't use Firefox. I'm guessing that Mozilla is affected by this as well, but every time a security flaw is found, only Firefox is mentioned.

SHOCK HORROR- software can have bugs!! (0, Troll)

kamikazejay (824744) | more than 9 years ago | (#12480325)

Honestly, why is this newsworthy? I don't think there is a single piece of software (except perhaps 'hello world' level) that doesn't have bugs.

I believe there should be a minimum intelligence needed to use the internet, mainly being able to update things every now and then, often by simply clicking a 'next' button a couple of times (and I have yet to meet someone who, when properly instructed, fails this), so people should keep up to date without needing headlines reminding them that they should try to keep up to date. Bug reports should be limited to bug reports, and not invading our news sites.

Grrrr!!! (1)

cha0t1c (752261) | more than 9 years ago | (#12480341)

It was bound to happen..., . However (pause), if I get even a whiff of a malicious attack!!! //Regresses; Where the hell are my crit die!? Gimmie my +3 vorpal!// Ah, but those were the days when pencil, grid paper and an imagination made all of this meaningless.

LINUX USERS DON'T GET VIRUSES (4, Funny)

Anonymous Coward | more than 9 years ago | (#12480369)

Mind you, they don't get laid, either.

How could there be BUGS in open Sourse Software?!? (0)

Anonymous Coward | more than 9 years ago | (#12480378)

Look at all the eyes looking at the source
THE EYES-s-s-ss!!

Every downloader is a potential developer!
Every downloader is a potential developer!

Every downloader is a potential developer!

My god you people aren't living up to the F/OSS contract!

Moderators, delete this article, the author is an enemy of open source software, and probably works for M$cro$oft$$$ (M$FT) spreading FUD (Fear Uncertainty and Doubt)

we the open source community must fight against these people
because if we don't THEY will win!

Old news... (0, Redundant)

PatrickJ_M (844458) | more than 9 years ago | (#12480384)

This is old, old old news. I knew about this 2 nights ago, even had the exploit code, thanks to BugTraq mailing list.

Change Icon (0, Offtopic)

norm_z (154015) | more than 9 years ago | (#12480395)

Could we get a new icon for Firefox and dump the Mozilla icon?

In other news... (2, Funny)

Anonymous Coward | more than 9 years ago | (#12480406)

.. two unpatched security holes (code named timothy and CmdrTaco) in Slashdot allowing posting of dupes were disclosed.

One Vulnerability Already Fixed (4, Informative)

Master of Transhuman (597628) | more than 9 years ago | (#12480419)

From a news report:

Because the foundation controls all sites in the default software installation white list, it has been able to take preventative action by placing more checks in the server-side Mozilla Update code and moving the update site to another domain.

The foundation said users who have not added any additional sites to their software installation white list are no longer at risk.

So one down, the other to be fixed shortly.

Meanwhile I got a notice this morning that tomorrow's Microsoft security patch will fix one major flaw, but leave others unpatched UNTIL NEXT MONTH.

So much for "days of unpatched vulnerability" supposedly favoring Microsoft.

Thank God I pirated my copy (0)

Anonymous Coward | more than 9 years ago | (#12480424)

I'm really glad I copied Firefox off a friend now. I'm sitting here laughing at all you fools who paid for your copies. You should know the right people, like I do.