Firefox 3 Vulnerability Found

Discussion in 'Windows Applications' started by drz01, Jun 19, 2008.

  1. drz01

    drz01 Weekend DJ

    Messages:
    527
    Location:
    Toronto
  2. zeke_mo

    zeke_mo (value not set) Staff Member Political User Folding Team

    Messages:
    1,984
    Location:
    Placerville, CA
    I found one too!! I installed a plugin from xxxdownloadsplus.poo and it took over my computer!
     
  3. gonaads

    gonaads Beware the G-Man Political User Folding Team

    Well no wonder, you got the address wrong. It's xxxdownloadsplus.pee
     
  4. SkyFuser

    SkyFuser Techtard in Training Political User

    Messages:
    156
    Location:
    California. I'm paranoid
    Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
    And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
     
  5. drz01

    drz01 Weekend DJ

    Messages:
    527
    Location:
    Toronto
    They probally did and told them, but since they did not fix it in the new version the went public to force tem to fix it now.
     
  6. SkyFuser

    SkyFuser Techtard in Training Political User

    Messages:
    156
    Location:
    California. I'm paranoid
    That makes sense, thanks :)
    But then again, how come they didn't go public earlier if they already reported and Mozilla didn't do anything about it? It sounds like the diligent Mozilla is slacking...
     
  7. Mizzle

    Mizzle Oh, now I know...!

    Messages:
    347
    Location:
    Denmark
    Err, I think they were joking :D

    Vulnerability or not, it's still the best browser out there, and as long as you stay away from sites like that, you should be ok :p
     
  8. Aprox

    Aprox Moderator Political User

    Messages:
    2,737
    Location:
    California, USA
    A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
     
  9. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    sounds like MSIE logic there
     
  10. Mizzle

    Mizzle Oh, now I know...!

    Messages:
    347
    Location:
    Denmark
    lol! Perhaps that's what's Microsoft is saying, but not me.
     
  11. ray_gillespie

    ray_gillespie Moderator Staff Member Political User

    Messages:
    1,692
    Location:
    Birmingham, UK
    Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
     
  12. SkyFuser

    SkyFuser Techtard in Training Political User

    Messages:
    156
    Location:
    California. I'm paranoid
    I know, which is why I'm wondering they didn't go public about the 2.0.0.x problem earlier. Said that the exploit was found on both 2.0 and 3.0.
    Why? Just ditch the AV all together. As long as you stay away from suspicious places you'll be fine, ne?
     
  13. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    5 hours. That's how long the dream lasted. Back to the drawing board fellas.
     
  14. Aprox

    Aprox Moderator Political User

    Messages:
    2,737
    Location:
    California, USA
    Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.
     
  15. muzikool

    muzikool Act your wage. Political User

    Exactly. I don't see what all the fuss is about.
     
  16. Aprox

    Aprox Moderator Political User

    Messages:
    2,737
    Location:
    California, USA
    I think people that hate firefox for whatever reason jump at any chance to point out a flaw.
     
  17. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal

    I said back to the drawing board, not end of the world.

    They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.
     
  18. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    Just like people wrt Microsoft, IE, Apple, french cheeses
     
  19. Aprox

    Aprox Moderator Political User

    Messages:
    2,737
    Location:
    California, USA
    I realize that's what you said, but it was more the tone of your post. Over dramatic comes to mind, thus why I said end of the world.

    I have faith that they will fix it if its really that big of a deal. Some of these security exploits are so abstract and weird you would have to be a total idiot to have your browser actually get exploited.
     
  20. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Good point Aprox.

    My tone - will probably always generate some noise. I will try to adjust, I've been trying for quite some time now. My apologies for sounding the alarms.

    That out of the way, for a point of discussion, does anybody realize that FF since it's release has had more vulnerabilities than IE over the period?

    I use both browsers for all kinds of different reasons - and I enjoy them both. I use regmon alot when I browse to unusual places - helps minimize damage, and encourages me to understand the registry better.