1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New Firefox Vulnerability Exposed

Discussion in 'News' started by Jimmy 2004, Feb 26, 2007.

  1. Jimmy 2004

    Jimmy 2004 New Member

    Joined:
    Jan 15, 2005
    Messages:
    5,491 (1.59/day)
    Thanks Received:
    267
    Location:
    England
    A serious new flaw in Mozilla’s browser, Firefox, has been discovered which could allow malicious sites to exploit a system using the browser with JavaScript enabled. Mozilla’s error tracking system classes the vulnerability as critical, and attackers could potentially access your system using a specially crafted HTML file and then run malware remotely. The recommendation from Mozilla is to disable JavaScript in Firefox until a fix is released, but another good idea may be to install the NoScript add-on which will allow you to control which sites can use Java and Flash. This flaw is present on all versions of Firefox, including the new 2.0.0.2 update, and is yet another illustration that Firefox is not immune to security exploits.

    Source: vunet.com
  2. Alec§taar New Member

    Joined:
    May 15, 2006
    Messages:
    4,677 (1.57/day)
    Thanks Received:
    94
    Location:
    Someone who's going to find NewTekie1 and teach hi
    Another reason to TURN OFF JAVASCRIPT IN YOUR BROWSERS... gotta be the 2nd one this week alone.

    (I've been saying this for Java, Javascript, ActiveX, & ActiveScripting since 1997 in various posts & articles etc. I have authored, & it's coming true, moreso now, than ever! I knew the days when this would get 'abused' were coming is why... I used it enough to see things you could do for "the good" could just as easily been used for "the bad" is why...)

    APK

    P.S.=> For sites that DEMAND it? Turn it on... but, by default, keep it OFF... heck, "the infamous they" can hijack your routers now using it! See here, for those that did NOT see that:

    COMPUTER ROUTERS FACE HIJACK RISK:

    http://forums.techpowerup.com/showthread.php?t=25734

    It's good stuff for INTRANET usage, but on the public internet? Heck, crank it off, & only use it, IF you HAVE to! apk
  3. spectre440 New Member

    Joined:
    Jul 18, 2005
    Messages:
    948 (0.29/day)
    Thanks Received:
    15
    Location:
    Israel
    of course its not immune to security exploits, nothing is...

    but fact of the matter remains that firefox is still about a buhjillion (yes, i made that number up) times more secure than IE...

    and yeah, turning off javascript and keeping it off unless you absolutly need it... definantly a good idea. regerdless of what you might define "secure" or "unsecure" or what kind of add-ons/plugins/whatever you are using.
  4. Scavar

    Scavar New Member

    Joined:
    Aug 29, 2006
    Messages:
    573 (0.20/day)
    Thanks Received:
    0
    Location:
    Ft Lauderdale, FL
    I recently turned it off after listening to Alecstar and the Hijack router thing, and I have to say, its amazing just how many sites use it, including even our very own techpowerup.

    And I have to say it is mildly annoying to have to set things like this up. I wish humans were less malicious.
  5. Alec§taar New Member

    Joined:
    May 15, 2006
    Messages:
    4,677 (1.57/day)
    Thanks Received:
    94
    Location:
    Someone who's going to find NewTekie1 and teach hi
    Yea, it is... but nice part about this forums & site is, that W1zzard doesn't make it MANDATORY to use Javascript...

    E.G./I.E.-> Here, I use the site, just fine (maybe better imo) WITHOUT Javascript being set active in my webbrowsers!

    Ah, it is... but, you go FASTER, if you do it right... & also go online quite a bit more securely (the TRUE bonus).

    So do I... but, there is a "bright-spot" too, because many of them WILL say how they created them, & how to work around them.

    E.G.->

    http://forums.techpowerup.com/showthread.php?t=26141

    They're the "white hats", & they're NOT the ones to worry about!

    ... it's the "black hat" types that pull the tricks & don't tell others HOW they are doing it.

    You can "head them off @ the pass" largely, nowadays, by turning off "features" in browsers, that CAN & DO work against you for both speed & security...

    (Heck, you can @ the OS level, using things like HOSTS files for instance (& no 3rd party tools needed), for both more speed & stronger security, amongst others tweaks & tunings!)

    APK
  6. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,382 (4.78/day)
    Thanks Received:
    3,218
    eeeeeew java script. and flash aint any better!
  7. Scavar

    Scavar New Member

    Joined:
    Aug 29, 2006
    Messages:
    573 (0.20/day)
    Thanks Received:
    0
    Location:
    Ft Lauderdale, FL
    I wish I knew how to do things, because it would be nice to make it so that like, you can actively scan the java, javascript, flash, like. Uhh the page loads without it, and it can scan the stuff while the page is loaded, and then load it. Or something. Because I mean they are nice features if they were safe.

    I know some white hat type of people sort of. I mean by malicious I mean the people who really do it to mess with people, and never release information. If you do it, just to show that you can, and then talk about it. Thats different. Thats more like me building a better catapult system, destroying like one small town, and everyones freaking out, and then im like chill kingdoms near me, for this was just to prove I could do it. Look, this how it works. You can even do good things with it like blah blah blah....


    Right so anyways you get my point. Ill just have to get use to being safer. Because well, less headaches with nonsense.
  8. Alec§taar New Member

    Joined:
    May 15, 2006
    Messages:
    4,677 (1.57/day)
    Thanks Received:
    94
    Location:
    Someone who's going to find NewTekie1 and teach hi
    Stick around here, you'll learn a lot... I do, everyday, even if only 'little things' & imo, there IS nothing bigger, because they're the foundations of LARGER things imo!

    Hey, I outline a few things thru the forums in regard to this type of thing, & other stuff, & so do others, via the methods THEY use vs. my own.

    (Some are better than others, OVERALL, but most all of what I have seen noted by folks vs. methods I use, will work as well).

    :)

    * 8 ways to China in this stuff... quite often.

    APK
  9. Jimmy 2004

    Jimmy 2004 New Member

    Joined:
    Jan 15, 2005
    Messages:
    5,491 (1.59/day)
    Thanks Received:
    267
    Location:
    England
    Like I've mentioned in the news post, NoScript on Firefox is a great way to control JavaScript - give it a go, I didn't think I'd like it but now I'm very glad I have it. It means I can let sites like TPU (which I trust... assuming W1zz doesn't have some secret plot) use JavaScript and flash, but I block any that I don't know about or don't trust - so I can still do what I want, and it's very easy to use. Obviously the safest thing is to remove Java from your system, but this gives you a good balance between security, features and ease-of-use.
  10. WarEagleAU

    WarEagleAU Bird of Prey

    Joined:
    Jul 9, 2006
    Messages:
    10,796 (3.69/day)
    Thanks Received:
    545
    Location:
    Gurley, AL
    Anything can be exploited. But it took them awhile to find out how to do it.
  11. Benpi New Member

    Joined:
    Dec 14, 2006
    Messages:
    415 (0.15/day)
    Thanks Received:
    3
    That's because 95% use IE. If you were going to hack a browser to better profit your company, why would you try to exploit a browser used by only 5 percent? You wouldn't as it would be a waste of time.

    Avant Browser FTW!
  12. kakazza New Member

    Joined:
    Aug 25, 2006
    Messages:
    470 (0.16/day)
    Thanks Received:
    7
    "Mozilla Firefox appears to have lost some momentum. In January, 13.7 percent of all internet users browsed using Firefox, down from 14% in December. In contrast, Apple's Safari is gaining market usage. In January, 4.7% of all browser users used Safari, up from 4.2% in December. This is most likely due to more people using Mac OS X, which could be caused by all sorts of things (creative advertising, Core 2 Duo based iMacs, etc). Microsoft's Internet Explorer still accounts for 79.8% of all internet browser use."

    http://www.techpowerup.com/?26044



    @Jimmy

    Yeah, NoScript is nice. Even better is the developer version which has an experimental Blacklist instead of only the whitelist :)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page