tansqrx 0 Report post Posted May 11, 2005 I don't want to spam by posting the entire article but this was brougt to my attention by an email posting at work. Since I have not seen it in this thread here it is. The full atricle can be found at http://forums.xisto.com/no_longer_exists/"Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system."Security focus also has a notehttp://www.securityfocus.com/advisories/8430 Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted May 11, 2005 This only affects Firefox browsers v1.0.2 and down.. The exploits reported there have been found long long back and this report is just a summarization of all of them and explains what the combined impact of these could be.. nothing to fear for people who updates their Firefox regularly.. ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/mozilla-firefox < 1.0.3 >= 1.0.3 2 www-client/mozilla-firefox-bin < 1.0.3 >= 1.0.3 3 www-client/mozilla < 1.7.7 >= 1.7.7 4 www-client/mozilla-bin < 1.7.7 >= 1.7.7 ------------------------------------------------------------------- 4 affected packages on all of their supported architectures. ------------------------------------------------------------------- Source: http://www.securityfocus.com/advisories/8430 Share this post Link to post Share on other sites
Trekkie101 0 Report post Posted May 11, 2005 Yes Firefox is rated extremely critical right now but 1.0.4 is ready just about ready to ship.*Plays Back to the future 3 theme (It relates, its like the cavalry charging in, mozilla in this case) But UMO (update.mozilla.org) has been changed so that one of the two patches has been nullified right where it stands so the warning arent as high as people claim and Firefox will still get to the top! Better to patch often than once a year like IE! Share this post Link to post Share on other sites
qwijibow 0 Report post Posted May 13, 2005 Fortunatly, i think the exploits are OS specific.i tried my firefox againsed the proof of concept domo's and i passed, even when running a vunerable version.or maybe i accidently ompiled it without a feature the exploit needs, who knows, lol. Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted May 13, 2005 Have you guys noticed one thing - how quickly these rebuilds of FireFox comes out ?? I mean even before the exploit issue became WIDELY KNOWN through news media and forum posts, my FireFox Update Icon started glowing red and I had it all nicely patched up - even before tansgrx made this post.. lol.. That's what I love about open source Long Live The Fiery FOX !! Share this post Link to post Share on other sites
Trekkie101 0 Report post Posted May 13, 2005 They went at some speed through the Release candidates from what I could see, there was like 60 builds taken in one day and they came to the end pretty darn fast. 1.1 is supposed to have a patch system now instead of a whole new browser. Share this post Link to post Share on other sites
