Security Holes hit Firefox

Posted on

Perdido
Member Since: Dec 15, 2004


by Antony Savvas

Tuesday 10 May 2005

Security holes hit Firefox



Users of the latest version of the open source Firefox browser face two “extremely critical” security holes relating to cross-site scripting and hacker remote access.

Security researcher Secunia has reported the “proof of concept” flaws and said that they are extremely critical as exploited code has been circulated on the internet.

The Mozilla Foundation is still working on fixes to the flaws in its version 1.0.3 Firefox browser, but in the meantime it has advised users to temporarily disable JavaScript on their browsers.

Mozilla has also changed its web update system to help reduce the risk of the security holes.

Mozilla said it was not aware of any exploits of the vulnerabilities among Firefox users.

There have been over 44m downloads of recently launched Firefox, which is aiming to challenge the dominance of Microsoft’s Internet Explorer, which has around 90% of the browser market.

[ Back to Top ]


Dub head
Member
Since: May 03, 2004


May 10, 2005 12:13 pm

Yikes! Not good. I think I'll disable Java and use IE until this gets fixed. I'll never go back to IE permanently though. Firefox has been fantastic so far.

Administrator
Since: Apr 03, 2002


May 10, 2005 12:15 pm

oh for god sake, using IE until this gets fixed will put you at far greater risk than this stupid hole...you are replacing a couple holes with one large gapping hole...

Don't run freaked out every time an exploit is found, cuz EVERY browser will have them, and on average, the threats found in IE are FAR more serious than the threats found in FF.

Perdido
Member
Since: Dec 15, 2004


May 10, 2005 01:23 pm

oh for god sake, using IE until this gets fixed will put you at far greater risk than this stupid hole...you are replacing a couple holes with one large gapping hole...

Don't run freaked out every time an exploit is found, cuz EVERY browser will have them, and on average, the threats found in IE are FAR more serious than the threats found in FF.



*claps*

www.charlienaebeck.com
Member
Since: Apr 10, 2004


May 10, 2005 03:44 pm

lol I concur and clap also. There is no such thing as a guarantee in anything in this world. If you are smart in your browsing and know what to avoid, you will not have prob's anyhow. *shrugs*

Administrator
Since: Apr 03, 2002


May 10, 2005 04:08 pm

if it accesses the internet, it's got possible security risks...plain and simple, the best people can hope for is quick patches and accurate, honest reporting.

www.TheLondonProject.ca
Member
Since: Feb 07, 2005


May 10, 2005 04:27 pm

...and for God's sake, GET A FIREWALL!

Administrator
Since: Apr 03, 2002


May 10, 2005 05:06 pm

well, javascript hits come over port 80, which is generally open, as it has to be for the internet to come thru...javascript runs in the browser, not on the server, so it's already on your local machine...

www.TheLondonProject.ca
Member
Since: Feb 07, 2005


May 10, 2005 05:42 pm

Yes, dB, you are correct as usual. It just seemed like a good time to mention it.

The average time for a unprotected PC on the internet is less than 3 minutes. You don't even have to open a browser/e-mail or anything. I'm always surprised to hear how many people don't have a firewall but then they are all of a sudden concerned about what browser they are using.

Anyways, a bit off topic... sorry

Master of the Obvious?
Member
Since: Jun 29, 2004


Jun 08, 2005 01:43 am

Put a router between your computer and the internet, use a good antivirus program and a good anti-spyware program, and stay the hell away from Internet Explorer, and you should be good to go. Oh, and don't download attachments/emails from people you don't know (no matter how exciting the subject may be) and don't go to questionable websites.

The End.

Related Forum Topics:



If you would like to participate in the forum discussions, feel free to register for your free membership.