The Unhackable Firefox Gets Exploited ! Lol its about time , more to come i am sure

[cryptonx 0]

Ok before i post this , I am not flaming ..

I am just providing a story I found about a new exploit that affects ALL BROWSERS EXCEPT INTERNET EXPLORER ! ( STRANGE )

 

FireFox fans across the world, grab the Kleenex!

 

According to a paper recently published by Eric Johanson of the Shmoo Group, users on most Mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54, Omniweb 5 are victim to a complex International Domain Name [iDN] spoof.

 

This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. Every recent gecko/khtml based browser implements IDN (which is just about every browser except for Internet Explorer). The Smoo Group have created a proof of concept where the links are directed at "p;, which the browsers punycode handlers render as http://forums.xisto.com/no_longer_exists/.

 

According to the group there is however an easy to way to detect you're under a spoof attack, cut & paste the url you are accessing into notepad or some other

tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert etc.

 

You can disable IDN support in Mozilla products by setting 'network.enableIDN' to false. There is no known workaround for Opera or Safari. Vendor responses have been varied with VeriSign and Apple failing to respond but Opera believing they have correctly implemented IDN, and will not be making any changes (oops). Mozilla are currently working on finding a good long-term solution. The company provided a clear workaround for disabling IDN temporarily until it can better address the issue.

 

This latest exploit will provide spammers with a way to trick FireFox, Opera and Safari users into thinking they're on a certain website. Commonly known as Phishing this latest attack by spammers and hackers is frighteningly common.

 

Update: Many users are reporting the config change in Firefox does not work, currently there is no fix for Firefox.

 

good luck with unstopable , unbreakable , unexploitable , free , open source browser

 

source : https://www.neowin.net/

[tattoopunk 0]

Oh dear, it is going to fool me! I was afraid it had a terrible error like IE, but its just some fishies trying to trick me, I don't think so fishes, I'm gonna get you Frankly, its not that bad when you compair it to all the holes in Microsoft's programing and security. Plus, Linux and Firefox don't have built in spyware. It's nothing to get worried about, if I were you though, I'd be updating my virus protection. And mabe again tomorrow, and just keep updating so you don't have to worry, I on the otherhand will just stick with what I'm doing, sitting around my dorm room, wattching the news and Laughing at so call exploits, all nige and safe from any spyware and viruses!

[miCRoSCoPiC^eaRthLinG 0]

Lol.. whats all the joy about ??? 1 Firefox bug against over 50,000 in IE ?? Errr... I can't really argue with that ;)tattoopunk: you are turning into a merciless militant stop butchering the innocents ..lol

[tattoopunk 0]

If anyone is familiar with Red Dwarf, I think a cat quote is in order!

[MajesticTreeFrog 0]

Ok before i post this , I am not flaming ..

I am just providing a story I found about a new exploit that affects ALL BROWSERS EXCEPT INTERNET EXPLORER ! ( STRANGE )

 

FireFox fans across the world, grab the Kleenex!

 

 

You can disable IDN support in Mozilla products by setting 'network.enableIDN' to false. There is no known workaround for Opera or Safari. Vendor responses have been varied with VeriSign and Apple failing to respond but Opera believing they have correctly implemented IDN, and will not be making any changes (oops). Mozilla are currently working on finding a good long-term solution. The company provided a clear workaround for disabling IDN temporarily until it can better address the issue.

 

This latest exploit will provide spammers with a way to trick FireFox, Opera and Safari users into thinking they're on a certain website. Commonly known as Phishing this latest attack by spammers and hackers is frighteningly common.

 

Update: Many users are reporting the config change in Firefox does not work, currently there is no fix for Firefox.

 

good luck with unstopable , unbreakable , unexploitable , free , open source browser

 

source : https://www.neowin.net/

<{POST_SNAPBACK}>

The reason this doesn't work on IE is that it doesn't have built in support for international domain names built in. If you install the plugin, IE is also affected.

 

So, yeah, EVERY browser is affected.

 

My question is, why is IDN **** turned on at all in these browsers by default?

 

As for firefox being unhackable, that isn't anywhere near true. There have been plenty of holes found so far. The reason it is more secure is that it isn't IE and people just don't go after it as much. That will change in time. When that happens, you can be sure that the OSS community will begin to fix it all. This may be the beginning of that cycle.

[Jguy101 0]

1 Firefox bug against over 50,000 in IE ?? Errr... I can't really argue with that

Exactly. You're all giddy about one bug in Firefox, yet there are about a million in your precious IE....

[iGuest 3]

HALLELUIAH!!!! WERE NOT ALONE ON IE ANYMORE!

[Trekkie101 0]

HALLELUIAH!!!! WERE NOT ALONE ON IE ANYMORE!

Mad.....

Well I didnt actually count this as a bug at first but it doesnt have to be interpreted that way, just check where you really are, type the address, all important places will have an easy to remember address wont they?

[cryptonx 0]

firefox .. ghetto engine lol if maxthon dropped IE and used FireFox .. i will switch ... i dont care about IE as a rendering engine .. i care about IE because of Maxthonbtw one of the Head Chiefs at microsoft claimed that he uses IE 6.0 SP2 thru Maxthon

[Tweak37 0]

Since when is Firefox unhackable? Nobody has ever claimed such a thing... Firefox is as vulnerable for bugs as every other browser. Ie has more problems because the code is messed up. MS won the browser war because they made a new browser from scratch, while nestcape was trying to improve their browser by changing the original code... It was one big mess, ask the mozila foundation, they noticed it when they got the source But now the roles are turned and ms faces the same problem... So more bugs and problems...

[TommoD 0]

Leave my mate Firefox alone!!! There are always going to be bugs. Nothing is unhackable or unexploitable. Sometimes it just takes longer to find those bugs and exploits. Firefox is a great piece of software, there can be no doubt about that. I myself am not going to stop using it because of one little bug like this. As long as the firefox community is aware of this, then they should be safe, unless they are very remedial. Firefox will always be my choice of browser, just like Inturdnet Exploder will always be the shame of mankind.

[miCRoSCoPiC^eaRthLinG 0]

firefox .. ghetto engine lol

if maxthon dropped IE and used FireFox .. i will switch ... i dont care about IE as a rendering engine .. i care about IE because of Maxthon

 

btw one of the Head Chiefs at microsoft claimed that he uses IE 6.0 SP2 thru Maxthon

<{POST_SNAPBACK}>

Did anyone ever explain to you the term "Biased View" ?? Why is it that everytime you decide to sing praise of, it involves something that has its roots in IE - besides as far as I can recall the folks@firefox never sung in praise of any other browser that had it's roots in firefox !!! If Microsoft was so smart why would other browsers improvise on IE and become much more adept at their task while IE still crawls on in the STONE AGES ?? Does that tell you about something really LACKING in IE or is it just some figment of my Imagination Extreme ??

[egbert 0]

I hate web browsers. You have to make it compatible with all of them and that's a pain. Imho IE is easier for writing, but it has more bugs. I think everybody should just have to use the same source to make it easier for everybody. And who cares about one stinky bug in firefox. Firefox is obviously coded much better and has less bugs. It's not even really a bug!!!

[cryptonx 0]

emmmmicroscopic earthling ... I ment that Maxthon is the real reason why I am still using IE , I once hopped to opera because of the amazing ( back then ) TABS .. but then some pages wouldn't display correctly .. so I jumped to netscape which was my favourite ( netscape communicator 4.5 ) but then they made a new one based on java i think which was very very slow on my old pc .. so I got stuck with IE >. then I found MyIE2 ... which is now Maxthon .what I was trying to say is that I didn't experience any security issues with either IE / Opera / Netscape or even the small amount of time that I used FireFox .. but since I got VERY VERY used to Maxthon .. I tried firefox it wasnt bad for me .. but Maxthon was still more practical for me ... especialy with the implemented features ( popup blocker / ad hunter / activex /flash disabler and many others ) enabled long ago before firefox or even SP2 .So what I am saying that Is that I dont like IE because it's IE .. I like IE because it's Maxthonand i think i am going to change that banner of mine to point to MAXTHON insted of IE !

[miCRoSCoPiC^eaRthLinG 0]

Lol... all right cryptonx, you convinced me... Have we had enough of this topic now ?? I believe we've had about a 100s of different threads going on exactly the same topic - Browser War !!! If you guys don't have any more views to add in, can I please lock this thread ?