Jump to content
xisto Community
Sign in to follow this  
tansqrx

Critical Flaw Found In Firefox

Recommended Posts

I don't want to spam by posting the entire article but this was brougt to my attention by an email posting at work. Since I have not seen it in this thread here it is. The full atricle can be found at http://forums.xisto.com/no_longer_exists/

"Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system."

Security focus also has a note

http://www.securityfocus.com/advisories/8430

Share this post


Link to post
Share on other sites

This only affects Firefox browsers v1.0.2 and down.. The exploits reported there have been found long long back and this report is just a summarization of all of them and explains what the combined impact of these could be.. nothing to fear for people who updates their Firefox regularly..

 

    -------------------------------------------------------------------

    Package                        /  Vulnerable  /      Unaffected

    -------------------------------------------------------------------

  1  www-client/mozilla-firefox          < 1.0.3            >= 1.0.3

  2  www-client/mozilla-firefox-bin      < 1.0.3            >= 1.0.3

  3  www-client/mozilla                  < 1.7.7            >= 1.7.7

  4  www-client/mozilla-bin              < 1.7.7            >= 1.7.7

    -------------------------------------------------------------------

    4 affected packages on all of their supported architectures.

    -------------------------------------------------------------------

 

Source: http://www.securityfocus.com/advisories/8430

Share this post


Link to post
Share on other sites

Yes Firefox is rated extremely critical right now but 1.0.4 is ready just about ready to ship.*Plays Back to the future 3 theme (It relates, its like the cavalry charging in, mozilla in this case) But UMO (update.mozilla.org) has been changed so that one of the two patches has been nullified right where it stands so the warning arent as high as people claim and Firefox will still get to the top! Better to patch often than once a year like IE!

Share this post


Link to post
Share on other sites

Fortunatly, i think the exploits are OS specific.i tried my firefox againsed the proof of concept domo's and i passed, even when running a vunerable version.or maybe i accidently ompiled it without a feature the exploit needs, who knows, lol.

Share this post


Link to post
Share on other sites

Have you guys noticed one thing - how quickly these rebuilds of FireFox comes out ?? I mean even before the exploit issue became WIDELY KNOWN through news media and forum posts, my FireFox Update Icon started glowing red and I had it all nicely patched up - even before tansgrx made this post.. lol.. That's what I love about open source :( Long Live The Fiery FOX !!

Share this post


Link to post
Share on other sites

They went at some speed through the Release candidates from what I could see, there was like 60 builds taken in one day and they came to the end pretty darn fast. 1.1 is supposed to have a patch system now instead of a whole new browser.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.