OT: Firefox again

ozstang65

I recall a discussion a while back about the Firefox Web Browser that was eventually pushed into the talk section. I've posted this here so that the majority of the forum's viewers can pick up on it straight away.

It was only a matter of time really...

Firefox suffers 'extremely critical' security hole
Matthew Broersma, Techworld.com

10/05/2005 07:30:26

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, The Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

see http://www.pcworld.idg.com.au/index.php?id=1917498316&eid=-108 for more info
 
additional info

Mozilla said:
Workaround
The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit. Users who have added other extension or theme sites to the software installation whitelist should remove them until a fixed version of Firefox is available.

1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Click the "Allowed Sites" button on the same line as the "Allow web sites to install software" checkbox
4. Click the "Remove All Sites" button
5. Click "OK"

More... Mozilla Foundation Security Advisory 2005-42
Update Download page

Or just click the red ball in the upper right hand corner of the browser.
Roy.
 
shotsy said:
Just thought that I'd mention that no one has reported a successful intrusion/attack due to this bug. But good lookin out!!!

It's basically "CYA" marketing. Just like recalling 500,000 vehicles because "Fuel tank strap may dislodge during head-on collision and cause fiery, painful death" even though it's never happened and most likely never will. Then just like cars, there will be the Firefox haters saying "haha see it isn't secure after all LOL OMG !!!1!1 get a Mac instead ROFLBBQ!!"