Critical Flaw Found in Firefox!

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

This is old news to some of you i'm sure. However a patch has been released that will fix this security issue in firefox that can allow a user to take over your system through the browser. It's about time we can moan at firefox

http://story.news.yahoo.com/s/pcworld/120756

Blah, we better go back to that totally secure browser called Internet Explorer then.

If you are using FF version 1.00 or later you should just look up in the upper right hand corner for the up-pointing red arrow on a regular basis for the auto-updates. Of course some people may have this disabled - but why would you ever do that.

It is only a testament to the projects success that people are looking for vulnerabilities in the browser. No one writes perfect code so security patches are going to be a part of safer computing.

Jay
Developer/Consultant

A bug eh? Every piece of software in the world has bugs. The good thing about Firefox is that it's open source which means patches are usually made within the first few hours of the vulnerability being detected.

The site mentions JavaScript? I think it's a Java issue, not JavaScript...
I'm aware of the Java issue. Doesn't really effect me since I turn Java off anyway and besides, I'm on Linux.

Also keep in mind that this problem does not apply to everyone.
Such a big breach of security should be dealt with by the OS even if the applications are at fault. If you're using Firefox on Windows, then you're probably in trouble. If you're using a Mac or Linux/Unix, then you're probably quite safe. On Linux/Unix you would be very safe even without a virus guard and without a firewall assuming you don't open unnecessary ports when they are not needed.

Originally Posted by Jonny Blah, we better go back to that totally secure browser called Internet Explorer then.

Don't mean to start a debate on IE but any browser that doesn't use ActiveX is a million times more secure than IE.

I was being sarcastic maybe?

Originally Posted by Jonny I was being sarcastic maybe?

I'm just blonde heh heh

people today spend more time patching and upgrading software than they do actually deploying, installing and using the software. im so sick of updates i dont bother with them anymore. the only 3 things i update

1. my webservers, but they do it themselves
2. msn because im forced
3. firefox because i just do.

anything else can take its buggy software and put it where the sun dont shine.

I can't be bothered reading that thread cos I am going out soon, but does this bug affect version 1.04?

Doesn't actually surprise me. I knew there was going to be something found sooner or later.

Still that's one critical bug vs how many in IE?

Javascript and frames always seem to have some kind of problem in IE and firefox. Makes me wonder how difficult it really is to patch the problem and why.

Now the exploit at hand looks like firefox allows a maliciously coded page to give the user the impression he/she is downloading software from a trusted site (update.mozilla.org and addons.mozilla.org are trusted by default according to the article).

Just like with the IE flaws I think it comes down to getting your security settings setup correctly so these type of flaws don't have as much impact.

At least Mozilla are quick at putting out new releases that fix the problems - that little red icon is wonderful

No matter how carefully you check your software, there will always be a bug somewhere that can be exploited - It's how you react to those exploits that makes good software.