John Leyden, The Register 2005-05-09
Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.
Colapse all |
Post comment
Firefox exploit targets zero day vulns
2005-05-09
TJ (4 replies)
TJ (4 replies)
This shows time will prove that Firefox is NOT more secure than Internet Explorer. Made by humans, can be broken by humans plain and simple! The grass is NOT always greener on the other side of the fence. I expect much more problems with Firefox down the road, don't you?...
[ more ] [ reply ]
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-10
David Prinzing
David Prinzing
I agree. The only reason that IE seems to be so very vulnerable is because it is the largest target on the board. As FireFox becomes more popular we will see it become just as vulnerable in proportion to how many users it has.
I like FireFox. I like to see alternatives that are well supported ...
[ more ] [ reply ]
I like FireFox. I like to see alternatives that are well supported ...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-10
Anonymous (2 replies)
Anonymous (2 replies)
Read the vulnerability description. "Executes code under user perms". Pretty common for most application vulns. Quite a bit different than 'executes perms as activex admin user' or 'executes arbitrary code under IE that is tied into the rest of the operating system'. Vulnerbilities are vulnerabilite...
[ more ] [ reply ]
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-10
C. Hollywood
C. Hollywood
I couldn't have said it better.
It's only natural for security vulnerabilities to be discovered in internet applications, it's the nature of the beast, after all.
As more users migrate to Firefox I can see it becoming more secure, rather than loosing it's security-by-obscurity tag. I can see t...
[ more ] [ reply ]
It's only natural for security vulnerabilities to be discovered in internet applications, it's the nature of the beast, after all.
As more users migrate to Firefox I can see it becoming more secure, rather than loosing it's security-by-obscurity tag. I can see t...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-10
David Prinzing
David Prinzing
I agree that closed source tends to have more vulnerabilities because it is not publicly coded, but then again, Microsoft has more than the average amount of coders working on their projects. An inherent and systemic flaw in IE is that it is too closely tied to the OS which it runs on but this type...
[ more ] [ reply ]
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-11
Aaron
Aaron
This line of argument is disappointing. What bothers me most is the constant line of people who cause such a fuss when a bug is found and subsequently fixed. What seems to be missed by a lot of people here is that Firefox now has one less bug, not one more. With more users of open source code, more ...
[ more ] [ reply ]
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-11
Anonymous
Anonymous
Sorry, you are mistaken.
This doesn't prove what you claim, that Firefox is not more secure than IE.
It is evident that you are away from the OpenSource community. Let me tell you what it is:
This is a free alternative developed by *smart* people and they are dedicated to keep it free and fi...
[ more ] [ reply ]
This doesn't prove what you claim, that Firefox is not more secure than IE.
It is evident that you are away from the OpenSource community. Let me tell you what it is:
This is a free alternative developed by *smart* people and they are dedicated to keep it free and fi...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-10
Anonymous (2 replies)
Ahh, you poor brainwashed M$ zombies, always spouting the same nonsense. Here's a question for you: If your theory is correct, and M$ products only have more vulnerabilities because they are more popular, then please explain why IIS has several times more vulnerabilities than Apache, even thoug...
[ more ] [ reply ]
Anonymous (2 replies)
Ahh, you poor brainwashed M$ zombies, always spouting the same nonsense. Here's a question for you: If your theory is correct, and M$ products only have more vulnerabilities because they are more popular, then please explain why IIS has several times more vulnerabilities than Apache, even thoug...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-10
Anonymous (1 replies)
Anonymous (1 replies)
MS products do not have more vulnerabilities because they are popular. They have more vulnerablilities because they are more vulnerable.
Being popular is what causes them to inflict such horrible damage when a vulnerability is exploited.
I use Firefox on Mandrake Linux. I turned off the featu...
[ more ] [ reply ]
Being popular is what causes them to inflict such horrible damage when a vulnerability is exploited.
I use Firefox on Mandrake Linux. I turned off the featu...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-13
TJ (1 replies)
TJ (1 replies)
"MS products do not have more vulnerabilities because they are popular. They have more vulnerabilities because they are more vulnerable."
I respectfully disagree. Microsoft products are "perceived" more vulnerable due to the huge install base and widespread use making them a favorite target. Place ...
[ more ] [ reply ]
I respectfully disagree. Microsoft products are "perceived" more vulnerable due to the huge install base and widespread use making them a favorite target. Place ...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-14
Aaron
Aaron
Hello TJ,
> Yes, this is partially true. Referred to as
> "mono-culture". Although, I would point out,
> those who create and use exploits are the
> "bad guys" here, not the company trying to
> produce a product for positive use."
Now it is my turn to respectfully disagree. It seems strang...
[ more ] [ reply ]
> Yes, this is partially true. Referred to as
> "mono-culture". Although, I would point out,
> those who create and use exploits are the
> "bad guys" here, not the company trying to
> produce a product for positive use."
Now it is my turn to respectfully disagree. It seems strang...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-11
Coldman (2 replies)
Coldman (2 replies)
> times more vulnerabilities than Apache
Several times? Huh... Digging through bugtraq archives... So... Apache - 93 vulnerabilities. IIS - 116 (both since 1999).
Now take only last 2 years, i.e. - since April 2003... Microsoft - 15. IIS - 52. Don't believe? Count for yourself (link "Vulnerabi...
[ more ] [ reply ]
Several times? Huh... Digging through bugtraq archives... So... Apache - 93 vulnerabilities. IIS - 116 (both since 1999).
Now take only last 2 years, i.e. - since April 2003... Microsoft - 15. IIS - 52. Don't believe? Count for yourself (link "Vulnerabi...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-12
Anonymous (1 replies)
Anonymous (1 replies)
You sitting and counting vulnerabilities does show your desperation tries to prove a point that MAJORITY of Security experts are NOT going to believe.
Anyway, you have a reason why more people would still use UNIX and apache rather than M$ and IIS when you claim it is not more insecure and M$ cla...
[ more ] [ reply ]
Anyway, you have a reason why more people would still use UNIX and apache rather than M$ and IIS when you claim it is not more insecure and M$ cla...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-13
Coldman
Coldman
No system is secure - especially, when it is improperly configured, and especially, when it is administered by humans.
There are a lot of examples when MS based systems are secure (because their admins know exactly how to set them up - _correctly_), and there are a lot of Open Source (Linux/*bsd ...
[ more ] [ reply ]
There are a lot of examples when MS based systems are secure (because their admins know exactly how to set them up - _correctly_), and there are a lot of Open Source (Linux/*bsd ...
[ more ] [ reply ]
Firefox exploit targets zero day vulns
2005-05-12
Anonymous
Anonymous
You've got to expect trollish behaviour occasionally I guess.
There are plenty of insightful comments in this 'ere thread and the posters have highlighted some key issues about the nature of security/vulnerability. Mozilla just released their latest build (wed, 11th May) to mitigate the effects o...
[ more ] [ reply ]
There are plenty of insightful comments in this 'ere thread and the posters have highlighted some key issues about the nature of security/vulnerability. Mozilla just released their latest build (wed, 11th May) to mitigate the effects o...
[ more ] [ reply ]
[ more ] [ reply ]