Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Zero-Day IE Exploit Takes Control of PCs

CmdrTaco posted more than 8 years ago | from the here-we-go-again dept.

Internet Explorer 567

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

Sorry! There are no comments related to the filter you selected.

This is why... (5, Insightful)

wpiman (739077) | more than 8 years ago | (#14090137)

I use Firefox.

This is why... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14090151)

I use Opera.

This is why... (5, Funny)

MartinG (52587) | more than 8 years ago | (#14090185)

I use netcat.

This is why... (5, Funny)

BushCheney08 (917605) | more than 8 years ago | (#14090204)

I don't browse the web.

Re:This is why... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14090377)

I don't even have a Internet connection *OR* a computer.
(I'm using pure mind control to post this comment)

TDz.

Re:This is why... (2, Funny)

buswolley (591500) | more than 8 years ago | (#14090210)

I use CowboyNeal. --oops.

Re:This is why... (1)

buswolley (591500) | more than 8 years ago | (#14090320)

I thought this was a poll....

instead it was a pole.

Re:This is why... (-1)

Anonymous Coward | more than 8 years ago | (#14090234)

<IMG> I use Lynx <BACK>

Re:This is why... (5, Funny)

msdschris (875574) | more than 8 years ago | (#14090208)

I use telnet and render the HTML mentally.

Re:This is why... (3, Funny)

aicrules (819392) | more than 8 years ago | (#14090297)

Only to be stricken by sloppy internal perception code causing random synapse firings building to a pace that you suddenly just start breakdancing.

Re:This is why... (5, Funny)

Scoth (879800) | more than 8 years ago | (#14090329)

You say that in jest, but imagine the possibilities for exploits when/if we get the point of direct neural implants for communications and such. Just imagine, instead of porn popups, lockups, and reboots we'll have people suddenly yelling about viagara at the top of their lungs, freezing up and falling over mid-stride, and suddenly forgetting where they are.

Maybe anyway :)

Re:This is why... (5, Funny)

Anonymous Coward | more than 8 years ago | (#14090406)

You've met my grandfather, I take it.

Re:This is why... (5, Funny)

andreMA (643885) | more than 8 years ago | (#14090409)

Two of those three would apply to the current crop of US politicians. All three if you count Bob Dole.

Re:This is why... (3, Funny)

Anonymous Coward | more than 8 years ago | (#14090199)

This why I use a mainframe. Micros are just toys, bad enuff they have crummy hardware but their software is crap too.

Re:This is why... (1)

buswolley (591500) | more than 8 years ago | (#14090397)

Yeah, you can get those anywhere these days for next to nothing...Why do normal consumers buy PC's with such a deal on the market.

Re:This is why... (3, Funny)

ZiakII (829432) | more than 8 years ago | (#14090219)

I use lynx....

Re:This is why... (2, Insightful)

csgames (816481) | more than 8 years ago | (#14090283)

This is why, if you try the PoC with FF1.0.7 or 1.5RC3, FF CPU usage will rise to 100%, DoS'ing it. These stupid FF r0x0rs comments are becoming more and more dull every day.

Re:This is why... (1)

krewemaynard (665044) | more than 8 years ago | (#14090389)

There are ways to get around it. Try the NoScript extension to create a whitelist of sites that use javascript. It's a bit of work at first to train it, but once you get the sites you use regularly, it's pretty handy.

Oh, and FF r0x0rs.

This code (4, Informative)

paranode (671698) | more than 8 years ago | (#14090310)

Will DOS Firefox. Not as bad as an exploit but they have issues to fix as well.

Re:This is why... (1)

Fx.Dr (915071) | more than 8 years ago | (#14090402)

You see what happens when you buy a browser at IKEA? I told you those weren't "spare parts"...

Work around it? (1)

jackcarter (884148) | more than 8 years ago | (#14090139)

How about I "work around it" by not using IE?

Ouch. (4, Insightful)

Pxtl (151020) | more than 8 years ago | (#14090142)

Remember when web browsers were just for viewing HTML pages, and not as a platform agnostic instant-rollout applications platform?

Yeah, me neither.

Re:Ouch. (2, Interesting)

Overzeetop (214511) | more than 8 years ago | (#14090206)

Well, actually, yeah. I remember back in the early 90s when a secretary showed my this Mosaic thing she'd found. I told her it looked interesting, but that I could get anything I needed off of gopher. It didn't seem like anything that would take off. Fast forward a year or so, and I remarked to a couple of friends, after starting to use mosaic and looking at HTML, that in a couple of years you'd see web addresses instead of 800 numbers in advertising pretty soon. They looked at me like I told them computers would grow legs and walk around the office. 0.500 isn't too bad, right?

No real point to this post - just an old fart trying to avoid real work by surfing slashdot...

Re:Ouch. (1, Funny)

Anonymous Coward | more than 8 years ago | (#14090255)

We wouldn't have this problem if we'd stuck with Netscape 1.0! But nooo, everyone wanted to see the fancy-pantsy javascript-based animations. Why in my day, javascript animations were called flip books, and we had to walk 15 miles in the snow to buy one. uphill. both ways.

Re:Ouch. (2, Insightful)

Malc (1751) | more than 8 years ago | (#14090264)

Yeah, I remember all those white pages with black text and blue links. Back when every nerd had to have a personal web site.

Thanks goodness browsers and the WWW got beyond academia because even with all the shit we have to put up with today (like this JScript exploit), the experience is far better and vastly outweighs the problems. Of course, there will always a small number of irrelevant people who like to portray themselves as elite by complaining about how the concept of the browser has changed. I really don't miss the early web with Mosaic downloading slowly and Netscape with its pulsing N, and lots of very bad personal web pages. I really don't need to use Lynx either.

Oh, and no I'm not forgetting that there are people trying to browse the web on mobile devices with ridiculously small screen. Good luck to you! But, I don't see why every web page should cater to the lowest common denominator.

Re:Ouch. (2, Interesting)

s20451 (410424) | more than 8 years ago | (#14090352)

Yeah, I remember all those white pages with black text and blue links. Back when every nerd had to have a personal web site.

I may be a nerd, but I like to think of my page design [andreweckford.com] as "clean" and "fast-loading", thank you very much.

Re:Ouch. (0)

Anonymous Coward | more than 8 years ago | (#14090308)

Random mumblings...

MS developed this exploit to try and get users to disable JavaScript and therefore nip this whole AJAX thing in the bud until they have a chance to catch up.

Microsoft Office Live and the security patch for IE will be released on the same day.

Teh ninjas trained by Jimmy Hoffa implanted radios in my fillings to transmit my thoughts to the CIA satellites.

Where is everyone? (1)

EmperorKagato (689705) | more than 8 years ago | (#14090147)

Wow. Everyone must have had their computers infected by a virus that utilizes the exploit.

Re:Where is everyone? (0)

hplasm (576983) | more than 8 years ago | (#14090173)

IE users on ./? Shome mishtake shurely!

Oh yeah (-1)

Anonymous Coward | more than 8 years ago | (#14090148)

I love it.........

Prevent future vulnerability (-1, Redundant)

missing_myself (857407) | more than 8 years ago | (#14090150)

There is no patch, but since it is a javascript exploit, you can work around it by disabling javascript." To prevent future vulnerability install firefox. www.mozilla.org

W00ty!! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14090152)

I just exploited me first post!!!

And as usual... (5, Funny)

Billosaur (927319) | more than 8 years ago | (#14090156)

From eWeek: The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.

Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

Re:And as usual... (4, Funny)

meringuoid (568297) | more than 8 years ago | (#14090198)

Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

This kind of thinking is extremely $sys$profitable irresponsible.

Re:And as usual... (5, Funny)

zootm (850416) | more than 8 years ago | (#14090324)

This kind of thinking is extremely $sys$profitable irresponsible.

My god, Sony have provided a viable Windows alternative to the old ^W^W^W^W *nix joke... it's worse than we thought!

Re:And as usual... (1)

knightf0x (218696) | more than 8 years ago | (#14090387)

"Most people, I think, don't even know what a remote IE exploit, so why should they care about it?"

Re:And as usual... (1)

tehshen (794722) | more than 8 years ago | (#14090360)

You're nearer to Microsoft's business plan than you think, there.

1) Microsoft creates horribly insecure software with a lot of features. 2) People buy software, use it, and standardise on it. 3) Flaws are uncovered, but people can't move away from software because they need the features. 4) Profit!

Seriously, it's worked for IE (sites testing for IE only and declaring anything else as broken) and Office (people not moving away because Office has some random esoteric thing that they so badly need)

hear that... (0)

DarthSensate (304443) | more than 8 years ago | (#14090165)

I can hear my network grinding to a halt as I type this.

Wouldn't a better workaround be.. (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14090169)

To just not use Internet Explorer?

get the fax.... (0)

Anonymous Coward | more than 8 years ago | (#14090171)

Someone tell the MS apologists two threads down, please :)

Link to a copy? (-1, Troll)

KinkoBlast (922676) | more than 8 years ago | (#14090175)

I want to use it on school computers - they wwould just be getting what they deserve for flat-out refusing requests to get Firefox installed.

Re:Link to a copy? (1)

buswolley (591500) | more than 8 years ago | (#14090257)

Exactly.. And could you convince them to up the monitor's refresh rate from the mininum to something that won't kill this poor student's eyes?

Re:Link to a copy? (1)

CastrTroy (595695) | more than 8 years ago | (#14090392)

On another point, why doesn't Microsoft default windows to some better refreh rate. Surely there's ways to determine what refresh rates the monitor accepts when you install the OS. If you can see this, click ok, works pretty well in most situations.

Re:Link to a copy? (3, Insightful)

artifex2004 (766107) | more than 8 years ago | (#14090300)

I want to use it on school computers - they wwould just be getting what they deserve for flat-out refusing requests to get Firefox installed.

So you'd deliberately and maliciously cause problems, just to prove you were on some imaginary moral high ground?

I'm glad to see that (3, Funny)

WhiteWolf666 (145211) | more than 8 years ago | (#14090176)

Microsoft's total time of 0wnerzship continues to decrease.

Its important for MS to keep ahead in this area.

Re:I'm glad to see that (2, Informative)

xtracto (837672) | more than 8 years ago | (#14090261)

It is Total Cost of 0wnership [bsdnexus.com] =-)

Re:I'm glad to see that (1)

Stachel (718095) | more than 8 years ago | (#14090294)

Microsoft's total time of 0wnerzship continues to decrease.
...while the total time that it's clients are pwn3d continues to increase.

...or by not using Internet Explorer (2, Insightful)

LoaTao (826152) | more than 8 years ago | (#14090182)

Seriously. I know that IE's market share is still huge, but for the life of me I can't understand why.

Re:...or by not using Internet Explorer (4, Insightful)

dwandy (907337) | more than 8 years ago | (#14090274)

IE's market share is still huge, but for the life of me I can't understand why.

Take Preinstalled Browser,
Add to Lazy User,
and mix in a healthy dose of Ignorance.

Alternate Receipe:
Take Preinstalled Browser,
Add Fear Of Change.

Despite having Firefox installed at home, my wife insists on MSExploder .... I think the linux migration time-table is getting shortened.

Is there a tenor in the house? (5, Funny)

MikeMacK (788889) | more than 8 years ago | (#14090183)

The SANS ISC's Ullrich said IE users should consider switching to Firefox of Opera.

Ah, the Firefox of Opera - who is that, Pavarotti?

How long will I be without E-Porn?! (1)

milktoastman (572643) | more than 8 years ago | (#14090188)

You mean unless I get with the program and use Firefox, I can't browse questionable free porn sites until this gets fixed?! Well, perhaps this is a good thing. If anything can get me over my inertia against change, it will be threat of no 'self-amusement' on these lonely, chilly northern nights. Firefox, here I come!

Oh no.. (3, Interesting)

Dynamoo (527749) | more than 8 years ago | (#14090191)

Oh no.. here we go again. No, it's not that there's another flaw in IE that I say that because some things are inevitable.. death, taxes and IE flaws. But any self-respecting IT professional or geek won't be using IE anyway. Sure.. users do, but they're much further down the food chain.

No, the reason I'm saying it is that this being Slashdot we'll get the usual set of arguments about browser and OS supremacy. Again. It's like Groundhog Day!

Shucks, everything has security flaws. Yeah, some more than others. To be honest, I found it more of a shock that Lynx has a security flaw [idefense.com] . If you can't trust Lynx to be secure, then really nothing is secure. Except unplugging your computer and putting it back in the box, perhaps.

Re:Oh no.. (0, Offtopic)

John the Kiwi (653757) | more than 8 years ago | (#14090259)

You must be new here.

Re:Oh no.. (1)

MikeURL (890801) | more than 8 years ago | (#14090289)

The anti-MS argument in this case would probably be that a company with the resources of MS should not allow a browse-pwn exploit to exist for months without fixing it.

Re:Oh no.. (1)

ralph1 (900228) | more than 8 years ago | (#14090306)

You better secure the room the box is in else someone will pretend they are playing mission impossible.

Re:Oh no.. (1)

Tlosk (761023) | more than 8 years ago | (#14090309)

It's relative risk, not a yes or no situation.

Some things are riskier than others, the decision is to avoid behaviors that exceed your risk tolerance threshold. For me that's the case with IE, it's just too risky for me to use it. Firefox on the other hand is currently tolerable, the benefit outweighs the risk.

Gah! (5, Insightful)

Anonymous Coward | more than 8 years ago | (#14090311)

users do, but they're much further down the food chain

Except that regular users comprimise a greater number of Internet users. So if Joe Average uses IE, more people are going to be affected by this flaw.

we'll get the usual set of arguments about browser and OS supremacy.

If something has fewer security problems, isn't it "superior" in that respect?

If you can't trust Lynx to be secure, then really nothing is secure.

Right. Because if something has one flaw, then you might as well not even bother trying, because everything has flaws. I mean, just because IE has had double-or-triple-digit flaws, clearly this one flaw in lynx makes all arguments against IE moot.

What an inane comment.

Re:Oh no.. (1)

glsunder (241984) | more than 8 years ago | (#14090395)

If you can't trust Lynx to be secure, then really nothing is secure.

I use wget and vi, you insensitive clod!
(damn those bastards who use word to create web pages)

Thank you (5, Funny)

steveo777 (183629) | more than 8 years ago | (#14090193)

Now that you've read the comments, your Windows box belongs to OSTG. Please stand by while we load Linux.........

Fastest Fix Around (-1, Offtopic)

GweeDo (127172) | more than 8 years ago | (#14090194)

Fear not! [googlesyndication.com] Get Firefox and get the fix!

Re:Fastest Fix Around (0)

Anonymous Coward | more than 8 years ago | (#14090263)

Okay, dumbass. Nice try at getting a couple of dollars out of a few people. Perhaps you could have linked to the real website [mozilla.org] instead of being stupid about it.

Give it 5 (4, Funny)

intmainvoid (109559) | more than 8 years ago | (#14090197)

We have also been made aware of proof of concept code that could seek to exploit the reported vulnerability but are not aware of any customer impact at this time

Well, there might be no customer impact at this time, but seeing as the exploit is published now, can I ask you again in about 5 minutes?

Re:Give it 5 (1)

Quarters (18322) | more than 8 years ago | (#14090382)

Free AJAX Calendar, and not like a paper calendar moved online either. You're right! My paper calendar doesn't send my information off to Google Analytics.

nothing to see here, moving on (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14090201)

why isn't my return button working? why is my connection slow? what's all this new software?

In other news (3, Funny)

epsalon (518482) | more than 8 years ago | (#14090202)

The sun has risen this morning, and the Earth is rotating around its axis.

Nothing to see here - move along.

I don't care (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14090205)

I have a dual boot system:

1. Windows for games and the occasional Windows-only software. Nothing sensitive there. Rootkit me all you want.

2. Linux for the serious stuff.

Everyone should do the same.

Re:I don't care (1)

meringuoid (568297) | more than 8 years ago | (#14090279)

I have a dual boot system: 1. Windows for games and the occasional Windows-only software. Nothing sensitive there. Rootkit me all you want. 2. Linux for the serious stuff.

So... an attacker who's pwnz3d your Windows installation can't then access the MBR, futz with your bootloader and pass the options of his choice to your Linux kernel at next boot time? He can't install rfstool on the sly and mount your Linux partitions and plunder your personal information you keep there?

Re:I don't care (2, Insightful)

RingDev (879105) | more than 8 years ago | (#14090381)

Take off the tin foil hat. The amount of work it would take to write such an exploit would be huge and would only get a tiny fraction of the market. There's no profit in it, there's no notoriety for it.

Why rob a bank? Because that's where the money is.

Why write viri for Windows/IE? Because that's where the users are.

-Rick

I hope this gets into a doubleclick ad (4, Insightful)

WhiteWolf666 (145211) | more than 8 years ago | (#14090209)

/evil on

That'd be SO funny

Someday, an IE exploit is going to come along that wipes your HD. Then we'll see sparks fly. /evil off

I hope this gets into a SQL server site. (0)

Anonymous Coward | more than 8 years ago | (#14090404)

Or better: into lots of SQL server sites.

Too bad it's multifile, or else we could even make it self-propagate...

set an ACL to stop this (1)

r00t (33219) | more than 8 years ago | (#14090216)

The sure way to prevent IE from causing trouble is to set an ACL on the executable. If you remove or overwrite the executable, some sort of "helpful" feature may restore it.

Set access to deny permission to "everybody". Since "everybody" is special, that prevents even the admin from doing anything.

(then, of course, you use firefox)

Re:set an ACL to stop this (1)

atta1 (558607) | more than 8 years ago | (#14090351)

Then, of course, you can't run windows update to fix all the other problems you may be having.

The facts please (0, Redundant)

bogaboga (793279) | more than 8 years ago | (#14090220)

Slashdotters, let me put this out early.

On story like this, we need the facts, period. No hype, rhetoric or personal opinions. Only the facts please, because I know members are going to tout the "other browser" as the safer one.

Now, mod me whatever you want, but the info you provide should be FACTS.

Re:The facts please (1, Funny)

Sockatume (732728) | more than 8 years ago | (#14090246)

Fact: The other browser is the safer one. *runs*

Re:The facts please (0)

buswolley (591500) | more than 8 years ago | (#14090296)

Fact. You are not my ruler, nor my king. But firefox is my right hand man.

Re:The facts please (4, Insightful)

Prospero's Grue (876407) | more than 8 years ago | (#14090299)

On story like this, we need the facts, period. No hype, rhetoric or personal opinions. Only the facts please, because I know members are going to tout the "other browser" as the safer one.

Now, mod me whatever you want, but the info you provide should be FACTS.

Fact: A critical security flaw has been found in IE, and the SANS ISC is recommending that people use one of the "other browsers".

Howzat?

Re:The facts please (0)

Anonymous Coward | more than 8 years ago | (#14090323)

What "fact" did you provide in your post? Your post looks like a "personal opinion" to me.

Re:The facts please (1)

bogaboga (793279) | more than 8 years ago | (#14090405)

> What "fact" did you provide in your post? Your post looks like a "personal opinion" to me.

Did I claim I was putting forward facts? No. And yes, it's a personal opinion, not to the main story but to what people like you would post. Read the post again.

DOS's Firefox too... (0)

Anonymous Coward | more than 8 years ago | (#14090222)

I just tried to run the POC on a 1.5rc2 Firefox install - crashed it to hell...

Bam! (1)

Chayak (925733) | more than 8 years ago | (#14090224)

The key thing here is not to use IE. That seems to come up a lot, wonder if that is a hint that a multibillion dollar company with an army of programmers can't manage to write a good browser while an open source browser has had less problems, but by no means no problems just not problems that let people take control of your computer thats all.

good example of why Microsoft is bad at security? (4, Interesting)

diegocgteleline.es (653730) | more than 8 years ago | (#14090225)

This exploit exploits a vulnerability on a already found denial-of-service attack which Microsoft classified six months ago as "low-priority"...

Re:good example of why Microsoft is bad at securit (1)

mrtroy (640746) | more than 8 years ago | (#14090276)

This exploit exploits a vulnerability on a already found denial-of-service attack which Microsoft classified six months ago as "low-priority"... Well at least Microsoft is shown in studies to have far less serious bugs, and therefor require less patches.

Haha, low priority...

CVE link (1)

diegocgteleline.es (653730) | more than 8 years ago | (#14090288)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2005-1790 [mitre.org]

"Phase: Assigned (20050601)"

IE hackers too busy trying to play catch up with firefox to fix non-critical bugs, maybe?

The good thing of all this is that since Microsoft only releases security patches on thursday - you know, "admins want predictability" and all that shit that some companies use and that lots of shitty admins believe - so you have a full week as minimum to exploit this on your web pages. Enjoy, IE users!

Zero-day? No. (3, Informative)

MoNickels (1700) | more than 8 years ago | (#14090232)

The original article and the Slashdot headline are wrong. It's not a "zero-day exploit." The article itself says, "The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw." A zero-day exploit is one that is discovered or revealed the day software becomes available, be it brand-new software, an update, a patch, or a service pack.

"Zero day" refers to publication of the exploit... (1)

csoto (220540) | more than 8 years ago | (#14090262)

not when the code maintainer was notified of it. Basically, M$ says "oh, here's a bug" then whammo, an exploit. Still sucks to be them...

Re:Zero-day? No. (1)

MoNickels (1700) | more than 8 years ago | (#14090286)

PS: I understand that a zero-day exploit can also refer to the use of a vulnerability discovered before the release of software, but the software affected here is not new.

I for one... (0, Offtopic)

Kamic (723048) | more than 8 years ago | (#14090253)

welcome our javascript exploited overlord domains.

oh wait, no I dont! *disables javascript* ha!

DUPE! (3, Funny)

andreMA (643885) | more than 8 years ago | (#14090322)

Oh, wait... it just seems that way. Carry on...

lazy story submitters (5, Funny)

mapmaker (140036) | more than 8 years ago | (#14090325)

Aparently all you have to do is browse the page to be affected.

What, no link?

Say goodnight, AJAX (2, Insightful)

ptomblin (1378) | more than 8 years ago | (#14090339)

Just when I'm considering using more AJAX stuff on my web site, along comes another in a long line of Javascript vulnerabilities. Maybe it's not time to do AJAX. Or to make it lock out IE browsers.

What we need now is... (0, Flamebait)

null etc. (524767) | more than 8 years ago | (#14090343)

...one more study to show us how much more secure Windows is vs. Linux. Notice how the announcement of those studies never coincides with the announcement of a critical IE or RPC exploit?

I’m safe! (1)

BandwidthHog (257320) | more than 8 years ago | (#14090350)

I don’t have to worry about JavaScript exploits because I use the new super safe IE7! It utilizes Microsoft’s super new language, JScript! Download this super new web browser today and keep your Windows safe from all those evil hackers*!

*and other assorted open source terrorists

Browser? (2, Funny)

cloudkiller (877302) | more than 8 years ago | (#14090356)

IE? I don't have that; I use Windows.

Thank you (5, Funny)

nealfunkbass (701961) | more than 8 years ago | (#14090363)

The holidays are a time for giving.

Now that you've RTFA, and you are now looking at the comments page, the staff of Slashdot and EWeek would like to thank you for visiting our web pages and giving us full control of your windows PCs.

Happy Holidays!

Proof of Concept Code (1)

lbmouse (473316) | more than 8 years ago | (#14090385)

Computer Terrorism Ltd. published the proof of concept code [computerterrorism.com] on Monday. Their example even seems to hang my copy of Firefox.
 

no patch (1)

NthDegree256 (219656) | more than 8 years ago | (#14090394)

"There is no patch,"

Am I wrong in guessing that, had this been a Firefox exploit, this particular phase would have been worded more generously? Say, "There is no patch yet"?

I mean, surely something as severe as a JavaScript hack will be as high on Microsoft's list of priorities as it would be on the Mozilla team's...

MS reasserts it's dominance (1)

MyOtherUIDis3digits (926429) | more than 8 years ago | (#14090396)

They must have hated the press Firefox received over it's first security issues. "No one takes over our exploit vulnerability market! This is MY HOUSE, bee-otch!!!"

My Powerbook and Linux server look better every day.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?