, The Register 2005-05-09
Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.
Expand all |
Post comment
Firefox exploit targets zero day vulns
2005-05-09
TJ (4 replies)
TJ (4 replies)
Firefox exploit targets zero day vulns
2005-05-10
Anonymous (2 replies)
Anonymous (2 replies)
Firefox exploit targets zero day vulns
2005-05-10
Anonymous (1 replies)
Anonymous (1 replies)
Firefox exploit targets zero day vulns
2005-05-11
Coldman (2 replies)
Coldman (2 replies)
There are plenty of insightful comments in this 'ere thread and the posters have highlighted some key issues about the nature of security/vulnerability. Mozilla just released their latest build (wed, 11th May) to mitigate the effects of this latest reported vuln, before any malicious users were able to exploit it. The method of attack was apparently reliant on a three stage process, basically it was not an easy vuln to exploit.
As to the patch versus new-build debate, I prefer the new-build method. After all, if you get a puncture in your car tire, you replace the tire. Maybe a patch will suffice to get you home, or to go get a new one fitted, but it's much safer just to replace the whole thing.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/11119/31855#31855