jedipi
Apr 6 2005, 01:18 PM
| | http://secunia.com/advisories/14820/
It is about JavaScript Engin,
This vulnerability is rated as Moderately critical.
System information will be exposured to malicious people.
Patch has not available yet.
The vulnerability has been confirmed in versions 1.0.1 and 1.0.2
Does turning off the java script help in this suitation????
Firefox does has much user as IE, but more and more vulnerability are found.
I remember that some people said firefox is the most securest internet browser.
How about now?? |
Comment/Reply (w/o sign-up)
miCRoSCoPiC^eaRthLinG
Apr 6 2005, 02:12 PM
How about now ?? Well, first of all FireFox was never claimed to be the securest browser - there's nothing like a securest software in the market... for every security measure you take, 10 more loopholes can be discovered. What's meant by the high security level of firefox is that firefox is relatively more secure than browsers like IE which has to be plugged up every second week. If you compare the amount of exploits in both browsers, firefox would be way way behind than IE... as also in the frequency of bugs found in these two browsers... so there 
Comment/Reply (w/o sign-up)
nakulgupta
Apr 6 2005, 03:06 PM
I would beg to differ there....agreed firefox NOW is way behind IE in terms of security flaws but we must also consider that firefox is behind in terms of usage by people...it's just that it hasnt been in the market for too long for its security flaws to be known. It's something like Linux and Windows the latter being more used is thus more exploited. I think this would be one of the many flaws to surface.
Comment/Reply (w/o sign-up)
Giniu
Apr 6 2005, 03:07 PM
besides, this would be probably fixed in few days, and you won't have to wait for Service Pack or fix few months... Term unbugy software is imagined... at every aplication can sniff some bug, but the quesion is not if you find it, but how fast it would be fixed...
Comment/Reply (w/o sign-up)
Trekkie101
Apr 6 2005, 05:49 PM
Firefox is still very much ahead of Internet Explorer in terms of security. Its uncoparable. Firefox is patched in 1.0.3 agianst this, sure maybe more updates than IE but IE still has major bugs and its in no hurry to patch at any rate. Firefox is doing a lot better by patching all these holes. Firefox will still win the war, easily.
Comment/Reply (w/o sign-up)
jesuslovesgod
Apr 7 2005, 01:33 AM
yeah pretty much, i still go with internet explorer. firefox just wasnt making me happy
Comment/Reply (w/o sign-up)
SoldatRevolution
Apr 7 2005, 03:53 AM
I don't like people who use IE. Look at my forums: http://www.bzkr.tk/Go down to the bottom. (WARNING: CONTAINS BAD WORDS!!!) That was my customised ad for Firefox.  Firefox may have lots of loopholes, but IE has much more. FF hasn't been around for that long, either, but people have been using IE FOREVER. Think about it, jesuslovesgod.
Comment/Reply (w/o sign-up)
saxsux
Apr 8 2005, 01:43 PM
I really like Firefox. I can't understand whay everyone's making such a fuss over this. Its just one security flaw. All the other flaws in Firefox have been fixed. With IE there's tons of flaws, and Microsoft isn't even making any effort to sort them out - the Firefox community is always quick to act when flaws are found. All hail Firefox!
Comment/Reply (w/o sign-up)
waltermelow
Apr 19 2005, 05:38 PM
Like payment alternative (IE and Firefox) this Opera, is a good navigator, if it does not matter to pay to you for that reason. I think that bugs of Mozilla with those of IE is not comparable, although am the navigator but people use, that does not entail to similar torrent of errors in it (Bill fixes an error and appear five).
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : vulnerability, found, firefox
- Foxtorrent: Download Torrents From Within Firefox
(1)
How To Double Firefox Speed
(5) 1. Type about:config in the address bar and then press Enter. 2. In the filter search bar type
network.http.pipelining . Be sure the value field is set true ,if not double-click to set true .
3. Go back to the filter search bar and type network.http.pipelining.maxrequests . Double-click
this option and set its value to 8 . 4. In the filter search bar and type
network.http.proxy.pipelining . Once opened double-click on it and set it to true . 5. In
IPv6-capable DNS servers, an IPv4 address may be returned when an IPv6 address is requested. It is
possible for Mozi....
Winzip ActiveX Control Remote Code Execution Vulnerability
(2) QUOTE WinZip is prone to a remote code-execution vulnerability in an ActiveX control that is
installed with the package. Exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of applications using the affected ActiveX control and possibly to
compromise affected computers. WinZip versions in the 10.0 series prior to build 7245 are
vulnerable to this issue. Here is an exploit source code :
http://downloads.securityfocus.com/vulnera...-vs-MS-winzip.c used a shellcode that binds a port on
4444. ....
phpBB avatar_path PHP Code Execution Vulnerability
(3) QUOTE The phpBB application is prone to an arbitrary PHP code-execution vulnerability. If
successful, attackers can execute script code with the privileges of the webserver process.
QUOTE Vulnerable: phpBB phpBB 2.0.21 phpBB phpBB 2.0.20 phpBB phpBB 2.0.18 Not Vulnerable:
phpBB phpBB 2.0.22 So , upgrade to phpBB phpBB 2.0.22 .....
MS Windows CSRSS Vulnerability
(4) There's a vulnerability in MS Windows that may cause serious problems related with the module
csrss.exe . Here below is listed vulnerable systems: QUOTE Microsoft Windows XP Tablet PC
Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP
Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition
SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Wind....
Microsoft Xmlhttp Activex Control Code Execution Vulnerability
Extremely critical (0) Another vulnerability to XP has been found by Security research firm Secunia. QUOTE
Description: A vulnerability has been reported in Microsoft XML Core Services, which can be
exploited by malicious people to compromise a users system. The vulnerability is caused due to an
unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of
arbitrary code when a user e.g. visits a malicious website using Internet Explorer. NOTE: The
vulnerability is already being actively exploited. QUOTE Solution: Microsoft has recommended
va....
New Firefox Update 1.5.0.4
(10) This update fixes several security issues found in firefox such as HTTP smuggling and XSS issues.
It also improves stability with updates to memory and crashin issues. Unfortunately, it does not
fix the javascript issue I have identified. To get or for more info go to the update page . ~Viz....
Password Reset Vulnerability
(3) is it working now...? QUOTE An attacker can reset any Microsoft Hotmail/.Net Passport user
account with no prior information like state, zip, country, answer to the secret question and the
old password. Normally, a user has to answer the security questions and than answer the secret
question if he wants to reset his password. By exploiting this vulnerability, an attacker can submit
a specially crafted URL to get the password reset instructions and reset any user?s password.
TECHNICAL DETAILS Due to the nature of this vulnerability and the fact that there is no fix....
Microsoft Confirms Wmf Vulnerability
(7) Microsoft has issued a Security Advisory (912840) on 28 Dec. It concerns the recent WMF
vulnerability exploit. Microsoft also gave a temp solution to protect your PC until they issue a
patch. It's a good idea to use this before the patch comes out. The following is a quote from
the Microsoft Security Advisory. QUOTE Un-register the Windows Picture and Fax Viewer
(Shimgvw.dll) 1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK. 2. A dialog box appears to confirm that the
un-registr....
Ms Sec. Advisory: Flash Player 7 Vulnerability
(1) A vulnerability in Flash Player 7 has been identified by Macromedia. Microsoft urges users to apply
a critical update from Flash Player update from Macromedia. This vulnerability affects Flash
Player 7.0.19.0 and earlier. Flash Player (8.0.22.0) contains a fix for the vulnerability. If you
have Flash Player 7 installed, it is the time to upgrade to this new version. It is very
interesting. Microsoft is advising to upgrade an application that is not Microsoft's. But it is
nice to see just how much MS is becoming dedicated with security. And the developer can m....
Update Your Firefox!
Another flaw has been found in Firefox (8) Another flaw has been found in Firefox browser. This exploit affects Unix/Linix systems, not
Windows. And the latest version 1.07 contains a fix. You guys, who are using older version in
Unix/Linix systems, should update your firefox as soone as possible. It shows that firefox is just
not saft enough. It has good track record just simply because it wasn't used enough. Firefox
browser is as vulnerable as any other popular browser on the market.....
Vulnerability Was Found In All Major Browsers
Spoofing Flaw affect IE, Firefox, Safari (20) According eWeek.com, a new vulnerability was found in all the major Web browsers ( IE, Firefox,
Safari). This Spoofing Flaw can be exploited by malicious hackers to trick surfers into disclosing
confidential information. QUOTE "The problem is that JavaScript dialog boxes do not display or
include their origin, which allows a new window to open a prompt dialog box, which appears to be
from a trusted site," Here is the place for you to test your broswer whether vulnerable or not.
http://secunia.com/multiple_browsers_dialo...erability_test/ source: http://www.e....
Critical Flaw Found In Firefox
(5) I don't want to spam by posting the entire article but this was brougt to my attention by an
email posting at work. Since I have not seen it in this thread here it is. The full atricle can be
found at http://news.yahoo.com/s/pcworld/120756 "Firefox has unpatched "extremely critical"
security holes and exploit code is already circulating on the Net, security researchers have warned.
The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your
system." Security focus also has a note http://www.securityfocus.com/advisories/8430....
Firefox Speed Tweaks
How to make Firefox open websites faster (16) Note: The one posted here is not the same thing. This one has been tested and increases the
speed, an update to perform these same steps is avalailable on the mozilline.org forums as well.
Type in the Address Bar - about:config Then scroll over to the following settings and adjust:
network.http.max-connections :40 network.http.max-connections-per-server :20
network.http.max-persistent-connections-per-server :20 network.http.pipelining :True
network.http.pipelining.maxrequests :32 network.http.proxy.pipelining :True Taken from here ....
Microsoft's security program manager...
use firefox ???? (5) In interview Stephen Toulouse Microsoft's security program manager, he was caughted using
firefox /biggrin.gif" style="vertical-align:middle" emoid=":D" border="0" alt="biggrin.gif" />,
maybe ie really sucks, themselves not dare to use it... and beside it have 102012923239231 security
holes... QUOTE Meanwhile, Firefox and Opera look awfully appealing. Security is really an
industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw
that would've allowed an attacker to run a program on my system. http://www.wired....
Looking for vulnerability, found, firefox
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for vulnerability, found, firefox
|
advertisement
|
|
