Bad news for Firefox: Hackers claim zero-day flaw in it

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Bad news for Firefox: Hackers claim zero-day flaw in it - Updated: False Alarm

(1/3) > >>

KenR:
SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it ...

--- End quote ---

Read the rest of the article ...

Renegade:
This really ticks me off. I hate hearing all the anti-MS BS about how IE is "not secure". Pure silliness. FF has problems too. I just wish people would be a bit more level headed and not run off spouting lies about IE. (But yeah - I still use FF - but NOT because of security.)

The last round of FF problems were really bad. Multiple exploits that allowed full control. They both have problems. But that doesn't mean that either is more secure than the other. There have been no REAL security studies (that I've seen or heard of) that show any relationship between security and the two browsers.

Ok. That was a rant... :D

But it's kind of silly to expect someone to turn in an exploit that gives you a computer for $500. Mozilla needs to give it's head a shake. Really. Think about it. You've got some people that put in the time to find these things, and they can make a fortune selling it to spammers. Why would they turn it in? For $500? Doubtful...

In other news, has anyone noticed a rise in porn spam?

app103:
These vulnerabilities affect more than just firefox...

They affect any application using the spidermonkey js engine too.

So there are a bunch of programs out there that use it for js scripting features that are ticking time bombs.

Eóin:
Makes me happy that I run the NoScript extension by default. But still thats not a complete defense as JavaScript is so popular that I nearly always end up renabling it for the websites I visit.

urlwolf:
Is opera safe?

Navigation

[0] Message Index

[#] Next page

Go to full version