Rommel 2 Posted March 24, 2005 If you use Mozilla FireFox, you might've noticed that your internet is running a little slower lately, if not dont worry, but a problem has come to the worlds notice that there is a vulnerability in Firefox. I dont know all the details but incase you have noticed... More details as I find them out. Share this post Link to post Share on other sites
Placebo 29 Posted March 24, 2005 Belongs in OT not S&FP, moving It just updated my Firefox to 1.02 </span> Quote[/b] ]The Mozilla Foundation, a non-profit organization dedicated to preserving choice and promoting innovation on the Internet, today announced a security update for its Firefox Web browser. The update is a proactive security release to patch a bug identified by Internet Security Systems, a premier security research, products, and services company. No known exploits of the bug have been reported prior to the update's release."The Mozilla Foundation is deeply committed to providing its users with the safest Internet experience possible," said Chris Hofmann, director of engineering for the Mozilla Foundation. "To deliver our users the experience they deserve, we must stay ahead of the curve in patching potential vulnerabilities. For example, the bug patched in this update has no known real world exploits, and we were able to provide a quick response." <span =''>http://www.mozilla.org/press/mozilla-2005-03-23.html Share this post Link to post Share on other sites
Balschoiw 0 Posted March 24, 2005 Thx for the heads up. Just updating. Share this post Link to post Share on other sites
der bastler 0 Posted March 24, 2005 emerge mozilla-firefox . . . done Share this post Link to post Share on other sites
void_false 1 Posted March 24, 2005 THX for info. Time to update. Share this post Link to post Share on other sites
Donnervogel 0 Posted March 24, 2005 When there is an update for mozilla ready you get a nifty red button thingy in the top right corner of mozilla. just for next time ;) Updates for extensions are shown with a green button IIRC. Share this post Link to post Share on other sites
Rommel 2 Posted March 24, 2005 Belongs in OT not S&FP, moving Thanks for the update Placebo, also regarding the topic location I wasnt sure because I saw favorite internet browsers in there I think once so, I could only guess. And its not really related to OFP... http://download.mozilla.org/?produc....g=en-US For Windows - Firefox v1.02 Share this post Link to post Share on other sites
der bastler 0 Posted March 24, 2005 Just in case someone is interested... http://it.slashdot.org/it/05/03/23/2330245.shtml http://news.zdnet.com/2100-1009_22-5632148.html Quote[/b] ]The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system. Share this post Link to post Share on other sites
nSe7eN 0 Posted March 24, 2005 Just updated too! :P At least they patch any discovered vulnerabilities in minimum time! Share this post Link to post Share on other sites
Tovarish 0 Posted March 24, 2005 When there is an update for mozilla ready you get a nifty red button thingy in the top right corner of mozilla. Ah, I kinda wondered what that was...but I was too lazy to click it :P. Downloading . Share this post Link to post Share on other sites
der bastler 0 Posted March 24, 2005 When there is an update for mozilla ready you get a nifty red button thingy in the top right corner of mozilla. just for next time ;) Updates for extensions are shown with a green button IIRC. Mozilla Firefox page says: Quote[/b] ]Software Update will not work if Firefox is installed to a location that you do not have write access to, since Software Update needs to replace or create files in this location. Hmm, my firefox resides in directories following the Filesystem Hierarchy Standard, so Root is needed... <table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">frank@Enterprise frank $ su Password: root@Enterprise frank # emerge firefox Share this post Link to post Share on other sites
Y2JON 0 Posted March 25, 2005 May be a little Offtopic, but I wasn't that keen on FireFox when I tried it. I have no idea why it's so popular. I then discovered Avant Browser and have never looked back. It really is a top-notch, free piece of programming. Just try it out guys, and see what you think: Avant Browser Share this post Link to post Share on other sites
der bastler 0 Posted March 25, 2005 http://www.avantbrowser.com/faq.html Quote[/b] ]Is Avant Browser a secure browser?Yes, Avant Browser is secure. Since it's based on Internet Explorer, Avant Browser is as secure as Internet Explorer. Avant Browser supports all SSL secured websites. Avant Browser's encryption length is the same as Internet Explorer's. It is as secure as Internet Explorer... Rofl! Share this post Link to post Share on other sites
Y2JON 0 Posted March 25, 2005 http://www.avantbrowser.com/faq.htmlQuote[/b] ]Is Avant Browser a secure browser?Yes, Avant Browser is secure. Since it's based on Internet Explorer, Avant Browser is as secure as Internet Explorer. Avant Browser supports all SSL secured websites. Avant Browser's encryption length is the same as Internet Explorer's. It is as secure as Internet Explorer... Rofl! True, that does make it sound a bit crappy, but at least download it and see what you think. It's a tiny file size. Share this post Link to post Share on other sites
Supah 0 Posted March 25, 2005 http://www.avantbrowser.com/faq.htmlQuote[/b] ]Is Avant Browser a secure browser?Yes, Avant Browser is secure. Since it's based on Internet Explorer, Avant Browser is as secure as Internet Explorer. Avant Browser supports all SSL secured websites. Avant Browser's encryption length is the same as Internet Explorer's. It is as secure as Internet Explorer... Rofl! True, that does make it sound a bit crappy, but at least download it and see what you think. It's a tiny file size. Why not just use IE if avant isnt any more secure then IE? The best thing about firefox is that its less vunerable to exploits then IE. It is VERY picky about HTML and CSS code. It will die on code that IE processes just fine, then again, thats where exploits start with IE To IE's defence, I had IE for years and never had a serious virus. As long as you know what your doing and have a good virus scanner and spyware cleaner there is nothing too wrong with IE. Share this post Link to post Share on other sites
Y2JON 0 Posted March 25, 2005 Why not just use IE if avant isnt any more secure then IE? The best thing about firefox is that its less vunerable to exploits then IE. It is VERY picky about HTML and CSS code. It will die on code that IE processes just fine, then again, thats where exploits start with IE To IE's defence, I had IE for years and never had a  serious virus. As long as you know what your doing and have a good virus scanner and spyware cleaner there is nothing too wrong with IE. Yeah, I see what you're saying. In my defence, though, IE gave me a lot of problems about 6 months ago. In the end I just gave up with it. I found FireFox, wasn't too keen on the interface or presentaion, then started using Avant. Since I've been using that, I haven't had any more internet-related problems with my PC. Although I do see your point. Share this post Link to post Share on other sites
sanctuary 19 Posted March 25, 2005 May be a little Offtopic, but I wasn't that keen on FireFox when I tried it. I have no idea why it's so popular. The same for me , until the version 1.0 of Firefox Previous versions, even the 1.0 Preview, were really not stable on my system, it crashed as much as Internet Explorer in fact. But since the release of Firefox 1.0 , it has totally changed, Firefox is now even more stable that MyIE2/Maxthon that i was using until there. And as Firefox 1.0.2 is working as good as the 1.0 and 1.0.1 ones, it is a keeper for me. Share this post Link to post Share on other sites
walker 0 Posted March 25, 2005 Hi all The main reason firefox has not suffered the attentions of crackers is that so few people use it. It is based on Netscape which was a pile of dog pooh as far as security was concerned. Now it has become slightly more popular the crackers have decided to start exploiting it. Crackers know that all the people they used to catch on IE moved to Firefox and they are still the same dumbasses. Anyone with brains can safely navigate the web with IE same as they can with other browsers as long as they update windows and IE. I suspect many who get caught with IE problems never update because they have dodgy versions of windows. It is just a question of having a proper firewall and virus checker and not downloading every freebe you see. Turn off active X except for things you are sure are OK. Turn off scripted copy and paste. Set you security settings higher. problem solved. Kind Regards Walker Share this post Link to post Share on other sites
nSe7eN 0 Posted March 25, 2005 Hi allThe main reason firefox has not suffered the attentions of crackers is that so few people use it. It is based on Netscape which was a pile of dog pooh as far as security was concerned. Now it has become slightly more popular the crackers have decided to start exploiting it. Crackers know that all the people they used to catch on IE moved to Firefox and they are still the same dumbasses. Anyone with brains can safely navigate the web with IE same as they can with other browsers as long as they update windows and IE. I suspect many who get caught with IE problems never update because they have dodgy versions of windows. It is just a question of having a proper firewall and virus checker and not downloading every freebe you see. Turn off active X except for things you are sure are OK. Turn off scripted copy and paste. Set you security settings higher. problem solved. Kind Regards Walker So the person who uses firefox doesn’t have a brain at all, how rude! As I see in your post you don’t think that users supposed to use other browsers than IE, sure because they have dodgy versions, if you didn’t know Microsoft releases the hot fixes and the other major updates for the all the governmental institutions before months from releasing them for corporate and home users, that shows a big amount for irresponsibility from Microsoft and that’s pretty known by the way! Also the vulnerability been patched in minimum time after discovering it, much faster than Microsoft in many occasions, that means the possibilities of using such vulnerability widely by the malicious people been terminated, Mozilla using a very qualified security team supposed to discover such things before the others do, that makes people like me trusts Mozilla and its products! Do you really think such settings will make you safe, in a system and browser having something called *designee flow*, the criticality of the vulnerabilities in Microsoft based OsS is the highest among the other operating systems, until now Microsoft failed from releasing a similar operating system for UNIX or any commercial releases of it, if we talked about security here, or even a decent Linux OS! Microsoft is not as great as you think, Microsoft don’t have the experience to deal with many threats that effects many of its products, when they noticed that, they bought *companies* to get such expertise, and now they are planning to bundle a free antivirus and spyware remover in the future releases of windows, to cover some of the designee flows in their OSS, because they really don’t trust 3rd party vendors that much! I m using a legitimate copy of Windows XP does those updates make me safer, did I get what I paid for, No! Mozilla firefox still safer than fully patched internet explorer, much stable and much faster too. Using internet explorer is highly critical still, your settings will not protect you as you think, if the application it self having other issues than the good settings! Share this post Link to post Share on other sites
kegetys 2 Posted March 25, 2005 The main reason firefox has not suffered the attentions of crackers is that so few people use it. While some of that is propably true, I haven't noticed Mozilla having many major security problems unlike IE. For example IE has had quite many exploits that allow you to execute whatever programs you want on any IE user's computer with a very simple piece of code. Most of these exploits use features like ActiveX which seem to be designed with a very loose security in mind. Buffer overflow exploits like the one found now are quite difficult to "use", as each exploit need to be specifically made for each platform, OS and browser version that the user might be using. Plus the Mozilla coders seem to be fixing the problems really fast unlike Microsoft who have left even very serious exploits unfixed for months before. Share this post Link to post Share on other sites
walker 0 Posted March 25, 2005 Hi all I am not saying that other browser users are dumb. I am not saying that IE is superior or more secure. I am saying that if you were a stupid dumbass with IE you will be a stupid dumbass with FireFox. Bad workmen often blame their tools. IE is secure for anyone with the inteligence not to turn the security off. It used to (emphasis used to) come with the security turned off. It also has Active X which you do not want so keep that turned off for anything other than what your sure of. Firefox made a big play of PopUp blocking and it certainly had it before it was standard on IE. However my version of IE had pop up blocking on it before FireFox did; it came as standard with my firewall. My Experience of Firefox is crash city it is still in development as far as I can tell. It Crashes running Java applets with annoying regularity. As more people use it more people will report its failings and it will become a more secure and stable product. Sorry to disapoint but it just is not there yet. Do Microsoft patch IE often enough no they do not and in the past they have left systems wide open if you were not running additional security but news for you buddies you need to run a Firewall and virus checker with FireFox Same as you do with IE. FireFox does give you additional protection against some malware and spyware. As does a good FireWall and something like Adaware, Steganos etc or heck you could even download the free beta anti-spyware from Microsoft. http://www.microsoft.com/athome/security/spyware/software/default.mspx Beware of some anti-spyware proggies though they are not all they are cracked up to be and in some cases are as bad as the spyware they purport to protect against. http://www.spywarewarrior.com/rogue_anti-spyware.htm Kind Regards Walker Share this post Link to post Share on other sites
der bastler 0 Posted March 25, 2005 True, that does make it sound a bit crappy, but at least download it and see what you think. It's a tiny file size. My systems don't understand win32 executables. And about Firefox being "very picky" about HTML and CSS code... HTML and CSS are standards, meant to be platform independent. There should be no question of interpretation, but too many people create poorly written sites. I hope this crappy web code disappears with strict XHTML... Share this post Link to post Share on other sites
Supah 0 Posted March 25, 2005 And about Firefox being "very picky" about HTML and CSS code... HTML and CSS are standards, meant to be platform independent. There should be no question of interpretation, but too many people create poorly written sites. I hope this crappy web code disappears with strict XHTML... Hah well i've made HTML and CSS code that passed W3C's own validation tools but firefox failed to read it correctly. Syntax that is approved by W3C in CSS files for instance isnt read by Firefox correctly ... no biggy you can always use to other way of writing it ... it just increases the filesize marginally Oh and "crappy" .... lets leave the zealotry at the door hmmmkay? It's a hassle that the two most used browsers out there interpret things differently but its not impossible to make sites that are rendered the same in both with some effort I am not saying either is the best, both have their weak points and their strong points. Share this post Link to post Share on other sites
Nemesis6 0 Posted March 25, 2005 Supah, if you think this is a big bug, you should really report it to the Firefox team! That is, after all, how problems are most solved - feedback and bug reports. Share this post Link to post Share on other sites
nSe7eN 0 Posted March 25, 2005 Hi allI am not saying that other browser users are dumb. I am not saying that IE is superior or more secure. No your post up there definitely shows that! I am saying that if you were a stupid dumbass with IE you will be a stupid dumbass with FireFox. Bad workmen often blame their tools. Such an amazing sense of logic, so you blame the users of IE and not IE itself, in the say you said you considered IE a good tool? IE is secure for anyone with the inteligence not to turn the security off. It used to (emphasis used to) come with the security turned off. It also has Active X which you do not want so keep that turned off for anything other than what your sure of. Firefox made a big play of PopUp blocking and it certainly had it before it was standard on IE. However my version of IE had pop up blocking on it before FireFox did; it came as standard with my firewall.My Experience of Firefox is crash city it is still in development as far as I can tell. It Crashes running Java applets with annoying regularity. As more people use it more people will report its failings and it will become a more secure and stable product. Sorry to disapoint but it just is not there yet. Do Microsoft patch IE often enough no they do not and in the past they have left systems wide open if you were not running additional security but news for you buddies you need to run a Firewall and virus checker with FireFox Same as you do with IE. FireFox does give you additional protection against some malware and spyware. As does a good FireWall and something like Adaware, Steganos etc or heck you could even download the free beta anti-spyware from Microsoft. http://www.microsoft.com/athome/security/spyware/software/default.mspx Beware of some anti-spyware proggies though they are not all they are cracked up to be and in some cases are as bad as the spyware they purport to protect against. http://www.spywarewarrior.com/rogue_anti-spyware.htm Kind Regards Walker For the fuck sake, highly configured IE is highly critical to use now or more in the past, some vulnerabilities don’t need active x to compromise your system, IE again having and windows having a designee flow as I said, IE Engine it self is vulnerable, some vulnerabilities don’t need an active x control or poor settings to exploit and compromise your system it uses some vulnerabilities in the IE engine to do so, or by using some of the integrated windows services, don’t you get it yet! Why the hell I m supposed to install all those applications if just can install decent browser like firefox and avoid all of the malicious codes that completely designed to work with IE, isn’t it a superior tool as you said, even in Microsoft not promising so! Installing a spy-ware remover and well configured firewall and antivirus is a must in all situations f you using firefox or not, but with firefox you avoiding allot of suffering! Share this post Link to post Share on other sites