Re: Zero day flaw found in fire fox.

I wonder if this slide is freely available on the Internet? *shudder*

Re: Zero day flaw found in fire fox.

Yes that info is freely out there.

Right now it is proof of concept but heck if it gets people to better secure there browsers its all for the better.

Re: Zero day flaw found in fire fox.

Not that is surprising. Any hacker determined to find a flaw in software is going to find some.

Fortunately the fix (installing no script) appears to really straight forward.

From the article:
Gah! What a couple of smarmy hypocrites. Attack an open source product, and don't even provide the patch.

Re: Zero day flaw found in fire fox.

I've been telling my friends for quite some time that security is not a valid reason to switch from IE to Firefox. Firefox has mostly been ignored by the hacker crowd until recently due to it not being very commonly used, but it has gained enough popularity to receive some scrutiny, and articles like this are the direct result of that popularity.

EDIT: Oh, and let me second the recommendation to use Opera. It's not really more secure, but again - less common browser means less people searching for the ways to break it and attack you.


Icemage

Re: Zero day flaw found in fire fox.

lolZDNet
http://developer.mozilla.org/devnews...ed-at-toorcon/

Re: Zero day flaw found in fire fox.

Where are all those people telling me to switch to Firefox now? Maybe this will knock all the zealots down a notch.

Re: Zero day flaw found in fire fox.

Well went to the site's full story, I couldn't find that comment that's be quoted here. then also wen to the link neighbortaru posted. That makes more sense there, the issue occuring from Java script in FireFox isn't exactly a hack issue. They can't gain control of your system through it.

Big whoop they cause FireFox to bomb out if you go to the site because of an overstacking (Seriously, some people creating a website accidently do this without knowing it). So you end up at your desktop again. Something that is close to impossible to prevent regardless of what browser you use, it's a very frequent issue with databases. If you make a query to complex it crashes, if you try to restrict the queries to prevent those specific actions you end up dumbing down the database so badly it becomes ineffective to use for anything.

Issue is far less detremental then it's being made to look, just another damn News hype to draw attention to something that is almost ineffective. It's the false train derailing being recorded live simply because the reporter or reporting group doesn't know that there are trains built to intentionally scrape the tracks in order to clean and prevent derailing.

Like I stated in another thread to many people with the damn "Sky is falling" syndrome. To state there is a difference between IE and Firefox, IE in the same fashion that M$ does, loves to ignore standards set in order to provide safer securities and other such things. They go and do some proprietary BS that often breaks their program making it a whole lot easier for hackers to get control of.

Very reason I hate those M$ designed routers. They defy the IEEE standards to damn much and a result you have to keep fiddling with the damn thing to make sure it's secure. Extra work that would not of been needed if they just had followed the damn IEEE standards.

Re: Zero day flaw found in fire fox.

Firefox is not a standards complient browser. It just breaks different standards then IE does and this is hardly the first Firefox exploit to be created.

Re: Zero day flaw found in fire fox.

True, but they are closer to standards then IE is. Basically just pointing out that people either way shouldn't be boasting crap against it. The bigger focus is seeing how the company handles it, mozilla has had a better track record at preventing then IE has. Likely due to the fact that they have stayed closer to the standards then IE has.

Re: Zero day flaw found in fire fox.

Okay, I'll bite.

Switch to Firefox. Or Opera. Or Maxthon. Not because they're more secure, but because those products actually react to their users.

In the face of escalating of pop-up ads, viruses, spyware, and every other malware exploit you can imagine, Microsoft could be barely motivated to patch Internet Explorer. They abandonded it, left their users twisting in the wind. The Program Manager Tony Chor even fessed up to it at Webstock:
Leaving for dead a browser that millions of people rely on day to day is simply not cool. Despite users and press clamoring about badly broken IE was, the IE development team stayed pretty darn quiet.

Suddenly Apple's Safari, Firefox, and a few other fringe browser start showing up in relevant numbers. Then, and only then does Microsoft wake up. Clearly the only thing that motivates Microsoft is the hissing sound that started coming from their marketshare balloon.

Switch to Firefox, not because it's more secure, but because of the customization features inherent in the platform. If the base product doesn't exactly fit you, there's a decent amount of of community support around building extensions to make Firefox operate the way you want.

No, switching to Firefox for security is still a perfectly valid reason. The Mozilla Foundation still has better turn-around on exploits than Microsoft (so long as it's not related to DRM). IIRC, Opera still leads everyone by averaging a window of less than 24 hours.

Likewise, there are a number of community driven extension for Mozilla that are security related. (I digs the NoScript, and Flashblock extensions.)

Re: Zero day flaw found in fire fox.

I see this hasn't taken the zealots down a notch.

Re: Zero day flaw found in fire fox.

It was nothing more than a hoax for crying out loud. Switch to Firefox. :p

Re: Zero day flaw found in fire fox.

Dak, switch to FireFox or the devil will eat your soul.

Is Opera as customizable as FF? Mainly, does it have tabbed pages in the same window? I'm a fan of that little feature.

Re: Zero day flaw found in fire fox.

Somebody is going to have to hold me down while somebody else installs it, that's the only way.

Besides, I heard IE will have tabs soon enough. I don't even think it's that nifty of a feature, but oh well, it'll be there.