Bad news for Firefox: Hackers claim zero-day flaw in it

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Bad news for Firefox: Hackers claim zero-day flaw in it - Updated: False Alarm

<< < (2/3) > >>

dk70:
Yeah, yeah http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/

The bug-hunting reward should be seen in light of how Bugzilla works and who they know are likely to find bugs. Those are busy people, developers, extension makers - nothing more than a pad on the back and probably more directed at delivering good documentation and follow up. Selling to spammers have nothing to do with reward.

I really dont think main stream media should put such security debates up on front page. They always twist it so it becomes a question of am I now safe using X or Y? Complete nonsense. Way too many eat it up and believe there is a direct link between a headline and internet security.

No-script = giving up if you use for what could be called "general safety", or dont dare enter internet without it enabled. The reason Firefox was made in the first place was certainly not to make user have to barricade them self, more like the opposite. Nothing to do with the extension but if it really was needed, in real life, you would have 2 browsers to pick between, Firefox would die very fast.

CodeTRUCKER:
Just out of curiosity... do you think that maybe the reason that M$ has gotten a bad rap is because they have always been a high-visibility, widespread target that can provide the highest ROI for collateral damage?

Let me do the math for you...

(EvilBrains**Nth) * (M$IE**Nth) == (Opportunity**Nth)**Nth
... therefore it follows
M$IEDamage > OtherBrowserDamage
... and
PerceivedM$IESecurity < PerceivedOtherBrowserSecurity

That was fun! ;D All kidding aside, would you agree?

Mark0:
It has now been reported that the session in question was likely an unsubstantiated joke / BS show.

Link: ArsTechnica - Firefox JavaScript security "a complete mess"? More like a hoax (updated)

Anyway, Mozilla team is investigating:
Link: Mozilla Developer News - Update: Possible Vulnerability Reported at Toorcon

app103:
Just out of curiosity... do you think that maybe the reason that M$ has gotten a bad rap is because they have always been a high-visibility, widespread target that can provide the highest ROI for collateral damage?

Let me do the math for you...

(EvilBrains**Nth) * (M$IE**Nth) == (Opportunity**Nth)**Nth
... therefore it follows
M$IEDamage > OtherBrowserDamage
... and
PerceivedM$IESecurity < PerceivedOtherBrowserSecurity

That was fun! ;D All kidding aside, would you agree?
-cjkawd (October 03, 2006, 12:19 AM)
--- End quote ---

Has anybody ever discovered any exploits for IBrowse, the default browser for Amiga OS4?

Based on that I would have to say you are right. :D

It has now been reported that the session in question was likely an unsubstantiated joke / BS show.
-Mark0 (October 03, 2006, 11:26 AM)
--- End quote ---

Maybe that was a hoax but this isn't:

http://www.us-cert.gov/cas/techalerts/TA06-208A.html

I think the hoax could have been based on older already known information. And it still affects programs using SpiderMonkey and still affects Netscape.

Redhat:
Once upon a time 0day meant releasing knowledge of an exploit the day after Microsoft's patch day. Ahhh reminicent mood :D

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version