• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Firefox 3 Vulnerability Found

zeke_mo

(value not set)
Staff member
Political User
#2
I found one too!! I installed a plugin from xxxdownloadsplus.poo and it took over my computer!
 

SkyFuser

Techtard in Training
Political User
#4
Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
 

drz01

Weekend DJ
#5
Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
They probally did and told them, but since they did not fix it in the new version the went public to force tem to fix it now.
 

SkyFuser

Techtard in Training
Political User
#6
That makes sense, thanks :)
But then again, how come they didn't go public earlier if they already reported and Mozilla didn't do anything about it? It sounds like the diligent Mozilla is slacking...
 

Mizzle

Oh, now I know...!
#7
Err, I think they were joking :D

Vulnerability or not, it's still the best browser out there, and as long as you stay away from sites like that, you should be ok :p
 

Aprox

Moderator
Political User
#8
A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
 

ray_gillespie

OSNN Veteran Addict
Political User
#11
Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
 

SkyFuser

Techtard in Training
Political User
#12
A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
I know, which is why I'm wondering they didn't go public about the 2.0.0.x problem earlier. Said that the exploit was found on both 2.0 and 3.0.
Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
Why? Just ditch the AV all together. As long as you stay away from suspicious places you'll be fine, ne?
 
#17
Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.

I said back to the drawing board, not end of the world.

They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.
 

Aprox

Moderator
Political User
#19
I said back to the drawing board, not end of the world.

They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.
I realize that's what you said, but it was more the tone of your post. Over dramatic comes to mind, thus why I said end of the world.

I have faith that they will fix it if its really that big of a deal. Some of these security exploits are so abstract and weird you would have to be a total idiot to have your browser actually get exploited.
 
#20
Good point Aprox.

My tone - will probably always generate some noise. I will try to adjust, I've been trying for quite some time now. My apologies for sounding the alarms.

That out of the way, for a point of discussion, does anybody realize that FF since it's release has had more vulnerabilities than IE over the period?

I use both browsers for all kinds of different reasons - and I enjoy them both. I use regmon alot when I browse to unusual places - helps minimize damage, and encourages me to understand the registry better.
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,012
Latest member
Sierge