Firefox 3 Vulnerability Found

zeke_mo

(value not set)
Staff member
Political Access
Joined
25 Aug 2004
Messages
1,991
I found one too!! I installed a plugin from xxxdownloadsplus.poo and it took over my computer!
 

gonaads

Beware the G-Man
Political Access
Joined
31 Mar 2002
Messages
18,474
I found one too!! I installed a plugin from xxxdownloadsplus.poo and it took over my computer!

Well no wonder, you got the address wrong. It's xxxdownloadsplus.pee
 

SkyFuser

Techtard in Training
Political Access
Joined
4 May 2008
Messages
156
Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
 

drz01

Weekend DJ
Joined
19 Mar 2004
Messages
527
Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
They probally did and told them, but since they did not fix it in the new version the went public to force tem to fix it now.
 

SkyFuser

Techtard in Training
Political Access
Joined
4 May 2008
Messages
156
That makes sense, thanks :)
But then again, how come they didn't go public earlier if they already reported and Mozilla didn't do anything about it? It sounds like the diligent Mozilla is slacking...
 

Mizzle

Oh, now I know...!
Joined
3 May 2008
Messages
347
Err, I think they were joking :D

Vulnerability or not, it's still the best browser out there, and as long as you stay away from sites like that, you should be ok :p
 

Aprox

OSNN Veteran Addict
Political Access
Joined
25 Aug 2004
Messages
2,738
A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
 

Mizzle

Oh, now I know...!
Joined
3 May 2008
Messages
347
lol! Perhaps that's what's Microsoft is saying, but not me.
 

ray_gillespie

OSNN Veteran Addict
Political Access
Joined
21 Mar 2002
Messages
1,693
Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
 

SkyFuser

Techtard in Training
Political Access
Joined
4 May 2008
Messages
156
A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
I know, which is why I'm wondering they didn't go public about the 2.0.0.x problem earlier. Said that the exploit was found on both 2.0 and 3.0.
Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
Why? Just ditch the AV all together. As long as you stay away from suspicious places you'll be fine, ne?
 

Aprox

OSNN Veteran Addict
Political Access
Joined
25 Aug 2004
Messages
2,738
5 hours. That's how long the dream lasted. Back to the drawing board fellas.

Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.
 

muzikool

Act your wage.
Political Access
Joined
27 Dec 2001
Messages
7,626
Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.

Exactly. I don't see what all the fuss is about.
 

Mastershakes

OSNN Veteran Addict
Joined
6 Jul 2004
Messages
1,721
Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.


I said back to the drawing board, not end of the world.

They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.
 

Geffy

OSNN Veteran Addict
Joined
18 Mar 2002
Messages
7,805
Just like people wrt Microsoft, IE, Apple, french cheeses
 

Aprox

OSNN Veteran Addict
Political Access
Joined
25 Aug 2004
Messages
2,738
I said back to the drawing board, not end of the world.

They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.

I realize that's what you said, but it was more the tone of your post. Over dramatic comes to mind, thus why I said end of the world.

I have faith that they will fix it if its really that big of a deal. Some of these security exploits are so abstract and weird you would have to be a total idiot to have your browser actually get exploited.
 

Mastershakes

OSNN Veteran Addict
Joined
6 Jul 2004
Messages
1,721
Good point Aprox.

My tone - will probably always generate some noise. I will try to adjust, I've been trying for quite some time now. My apologies for sounding the alarms.

That out of the way, for a point of discussion, does anybody realize that FF since it's release has had more vulnerabilities than IE over the period?

I use both browsers for all kinds of different reasons - and I enjoy them both. I use regmon alot when I browse to unusual places - helps minimize damage, and encourages me to understand the registry better.
 

Members online

No members online now.

Latest profile posts

hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?
Perris Calderon wrote on Electronic Punk's profile.
Hey EP! All good with me, applying for Microsoft MVP right now, should have done this a while ago.

Notifications don't work, I only found your response by coming back to hunt up some threads, if you want, give me your email address so we can keep in touch easier!

Forum statistics

Threads
61,999
Messages
673,426
Members
5,593
Latest member
moussa021