Firefox 3 Vulnerability Found

I found one too!! I installed a plugin from xxxdownloadsplus.poo and it took over my computer!
 
I found one too!! I installed a plugin from xxxdownloadsplus.poo and it took over my computer!

Well no wonder, you got the address wrong. It's xxxdownloadsplus.pee
 
Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
 
Why were you downloading a plugin that sounds like it's for adult stuff? <_< Those are dangerous.
And the article didn't give much information. Exactly what is the vulnerability >_< And why did Tipping Point find this out only after 3.0 was released? They could have found it in 2.0 for the last 34 months...
They probally did and told them, but since they did not fix it in the new version the went public to force tem to fix it now.
 
That makes sense, thanks :)
But then again, how come they didn't go public earlier if they already reported and Mozilla didn't do anything about it? It sounds like the diligent Mozilla is slacking...
 
Err, I think they were joking :D

Vulnerability or not, it's still the best browser out there, and as long as you stay away from sites like that, you should be ok :p
 
A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
 
lol! Perhaps that's what's Microsoft is saying, but not me.
 
Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
 
A lot of times, security groups will keep vulnerabilities they find private, only sharing them with the software developer in question. That way they fix the problem, without it becoming public and thus being exploited. Well, when developers don't listen or just don't fix it the security groups will make the vulnerability public so that they will be forced to fix it or suffer the wrath of angry people and evil doers.
I know, which is why I'm wondering they didn't go public about the 2.0.0.x problem earlier. Said that the exploit was found on both 2.0 and 3.0.
Yes, it's a bit like saying, "well, I know that my expired copy of Norton 3.0 is a bit out of date but as long as I stay away from dodgy websites and emails I'll be fine". It may be true to some extent, but that's not the point.
Why? Just ditch the AV all together. As long as you stay away from suspicious places you'll be fine, ne?
 
5 hours. That's how long the dream lasted. Back to the drawing board fellas.

Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.
 
Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.

Exactly. I don't see what all the fuss is about.
 
Its not the end of the world, all browsers have security flaws. Its how fast they fix it that shows how good they are.


I said back to the drawing board, not end of the world.

They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.
 
Just like people wrt Microsoft, IE, Apple, french cheeses
 
I said back to the drawing board, not end of the world.

They havn't fixed it yet, also affects FF 2 so I imagine it's a piece or module that was not changed moving towards FF 3. If it ain't broke, don't fix it.

I realize that's what you said, but it was more the tone of your post. Over dramatic comes to mind, thus why I said end of the world.

I have faith that they will fix it if its really that big of a deal. Some of these security exploits are so abstract and weird you would have to be a total idiot to have your browser actually get exploited.
 
Good point Aprox.

My tone - will probably always generate some noise. I will try to adjust, I've been trying for quite some time now. My apologies for sounding the alarms.

That out of the way, for a point of discussion, does anybody realize that FF since it's release has had more vulnerabilities than IE over the period?

I use both browsers for all kinds of different reasons - and I enjoy them both. I use regmon alot when I browse to unusual places - helps minimize damage, and encourages me to understand the registry better.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back