Firefox vulnerability could cause remote code execution

Brett Kuntz
Core Guru
#1
Quote:
Title: Mozilla Firefox 3.5 Remote Code Execution Vulnerability
Severity: HIGH
Description:

Mozilla Firefox is a web browser available for various platforms.

Firefox is prone to a remote code-execution vulnerability due to an unspecified error. This issue arises during the processing of JavaScript and may present itself when certain string characters are escaped and subsequently copied to a buffer.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

The remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Microsoft Windows XP SP3.
Affected Products:

* Mozilla Firefox 3.5.0
http://www.juniper.net/security/auto...vuln35660.html

In 2007 and 2008 FireFox was the most vulnerable browser which had the most critical level security issues. It looks like it's on track to get the title for a 3rd straight year!

If you like a secure browser and one with a minimal plug-in footprint:

IE7 or IE8 + http://www.ie7pro.com = The way to go
Killamus
Guest
#2
Or, you know, just use noscript, like everyone who uses firefox does.
The Air Revenger
Lion's Arch Merchant
#3
DON'T get IE, just run NoScript on Firefox and you're fine, or get Google Chrome.
Sindo
Ascalonian Squire
#4
LOLZ!

IE is worse than Firefox without noscript.
Braxton619
Desert Nomad
#6
lmao IE has so many exploits it's soooo funny... hahaahaha

btw Firefox doesn't have many.. IE has tons and tons

Pretty much Firefox is unexploitable with NoScript
gremlin
Furnace Stoker
#7
I use Firefox and have done for a number of years; NoScript and Adblock Plus are two essentials for me.

I was completely sold on Firefox the first time I crashed it.
Came back after a reboot to the message "Firefox was unexpectedly shut down, would you like to go back to the page you were on?"

It remembered that page, all the other tabs and let me continue downloading a file from where I left off.
Brett Kuntz
Core Guru
#8
Quote:
Originally Posted by gremlin
I use firefox and have done for a number of years noscript and adblock plus are two essentials for me.

I was completely sold on firefox the first time I crashed it
Came back after a reboot to the message firefox was unexpectedly shut down would you like to go back to the page you were on.

It remembered that page, all the other tabs and let me continue downloading a file from where I left off.
IE7/8 has always done that!
Killamus
Guest
#9
Quote:
Originally Posted by Kuntz
IE7/8 has always done that!
Firefox has done that (at least on Linux) since IE5.

IE has a lot more holes, they're just patched faster than on Firefox.
Aside from the ease of use, that's the only difference.
Oh, and NoScript, which stops 99% of the bugs that cause these anyways.
Brett Kuntz
Core Guru
#10
Quote:
Originally Posted by Killamus
IE has a lot more holes, they're just patched faster than on Firefox.
But that is something you just made up and is not a fact. Firefox is the most vulnerable browser available to you, plug-ins or otherwise. It is amazing that if enough people lie in blogs about something, average people like you will believe it as fact, without ever doing your own research or asking any questions.

[LI] Firefox Security Superiority a Myth - Overclock.net - Overclocking.net

[INQ] Firefox fixes eight security flaws - Overclock.net - Overclocking.net

[TcMag] Mozilla Firefox comes up as most vulnerable application - Overclock.net - Overclocking.net

Quote:
Mozilla's popular internet browser Firefox has been recorded as the most vulnerable application amongst consumer software of 2007, says researchers from the Bit9. Both Firefox 2.x and Firefox 3.x were found to be open to attack from 40 well known severe vulnerabilities over the course of the 12 month analysis.
Quote:
There were 115 reported security vulnerabilities in Firefox last year [2008] -- almost twice as many as Internet Explorer and Apple's (Nasdaq: AAPL) Safari browser combined, according to a new report by the security researcher.
FireFox has 21% of the market share, but 50% of the security exploit share. It will get exponentially worse as the market share for FF increases.
gremlin
Furnace Stoker
#12
Quote:
Originally Posted by Kuntz
IE7/8 has always done that!
Really?
Well, sadly I jumped ship on IE years ago. The way I look at it is IE should be the best browser bar none and it isn't.
Windows Media Player should also be the best there is and it isn't.
Why ever not? After all, they are made by the people who wrote the operating system.

The only reason Microsoft make improvements is because everyone is deserting them for better options.
Then sometimes years later they catch up; if I use the alternatives I get the extras early.
jackers1234
Frost Gate Guardian
#13
I love Firefox fanchildren, they provide me with much amusement =P

Having said that, I do agree that Firefox is ahead of IE in terms of features and security.
Killamus
Guest
#14
Quote:
Originally Posted by Kuntz
But that is something you just made up and is not a fact. Firefox is the most vulnerable browser available to you, plug-ins or otherwise. It is amazing that if enough people lie in blogs about something, average people like you will believe it as fact, without ever doing your own research or asking any questions.

[LI] Firefox Security Superiority a Myth - Overclock.net - Overclocking.net

[INQ] Firefox fixes eight security flaws - Overclock.net - Overclocking.net

[TcMag] Mozilla Firefox comes up as most vulnerable application - Overclock.net - Overclocking.net

FireFox has 21% of the market share, but 50% of the security exploit share. It will get exponentially worse as the market share for FF increases.
Out of all of the security flaws there, all of them were related to JavaScript in some way. Which, if you're running NoScript/Adblock (as stated several times by myself, and every other person here defending FF) is a moot point. I honestly don't know why they don't release FF with NoScript/Adblock, it would make the browser so much more secure.

Also, I'll be petty here: At least Firefox is up to web standards.
http://en.wikipedia.org/wiki/Compari...rs#Acid_Scores
(Stupid wiki, I can't find the web browser standards comparison. I know it's there somewhere.)
Tarun
Technician's Corner Moderator
#15
Never cared for NoScript. And with what they did with Adblock Plus, I'll never trust, use, or recommend them to anyone.

Why are people freaking out about vulnerabilities anyways? Nothing is secure or 100%. Firefox 3.5.1 is already in build 1 of the release candidate stage, posted earlier this morning.
Snograt
rattus rattus
#16
It will be interesting when Windows 7 comes along and people have to actually choose which browser to use.
Fril Estelin
So Serious...
#17
Quote:
Originally Posted by Snograt
It will be interesting when Windows 7 comes along and people have to actually choose which browser to use.
Most people won't choose: they'll use the one(s) they were using before, market shares haven't moved significantly in a while.

As Tarun said, FF is completely safe as it's a push-update, people will see the update window as soon as the patch is ready, which should be soon.
Snow Bunny
Alcoholic From Yale
#18
If Chrome looked like Firefox, I'd use Chrome.

SORRY GUYS I'LL STILL USE FIREFOX3.

Also Safari is a Mac product which means hipster which means sucka deez nutz.
Rhododendron
Frost Gate Guardian
#19
That's not nice Kuntz, as one of the "average people", I would have loved to see the links you posted as a well documented person, but they are broken.
Brett Kuntz
Core Guru
#20
Quote:
Originally Posted by Rhododendron
That's not nice Kuntz, as one of the "average people", I would have loved to see the links you posted as a well documented person, but they are broken.
All links provided work, your work/school is blocking you if they do not, or you have a bunk internet connection.