Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Tech News feeds.
Firefox 3 security compromised
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="The Feedster" data-source="post: 527046" data-attributes="member: 259515"><p><img src="http://mos.techradar.com//classifications/computing/internet-and-broadband/images/firefox_logo-200-200.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> Somebody has already reported a serious security flaw with Mozilla's latest version of Firefox that was released and downloaded by millions of users last week.</p><p></p><p>The security flaw was reported to TippingPoint's Zero Day Initiative and Mozilla has been informed of the details, so we will no doubt see a fix for the problem in the next Firefox 3 update.</p><p></p><p>We are waiting to hear on more details on that from Mozilla, so will be sure to keep you informed.</p><p></p><p><strong>Cashing in?</strong></p><p></p><p>As the vulnerability also affects the older version of Mozilla's Firefox 2, there is always the suspicion that the person who flagged the problem with TippingPoint was waiting until Firefox 3 launched with all the accompanying hype and fanfare last week to cash-in a little more on their discovery.</p><p></p><p>Bear in mind that The Zero Day Initiative Benefits lists the following factors in determining the value of a reported fault:</p><p></p><p>&bull; Is the affected product widely deployed?</p><p>&bull; Can exploiting the flaw lead to a server or client compromise? At what privilege level?</p><p>&bull; Is the flaw exposed in default configurations/installations?</p><p>&bull; Are the affected products high value (e.g. databases, e-commerce servers, DNS, routers, firewalls)?</p><p>&bull; Does the attacker need to social engineer his victim? (e.g. clicking a link, visiting a site, connecting to a server, etc.)</p><p></p><p><strong>Internet best practice</strong></p><p></p><p>Details on the security breach are scarce. The Tipping Point blog merely notes that: "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page."</p><p></p><p>While we await further details on the manner of the security threat, we can only advise that you don't click on any suspicious links in non-solicited emails or visit dodgy websites!</p><p></p><p>In the meantime, concerned Firefox 3 users might want to install the useful NoScript extension, just to be sure.</p><p></p><p><img src="http://rss.feedsportal.com/c/669/f/8513/s/14f162e/mf.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /> <a href="http://res.feedsportal.com/viral/sendemail2.html?title=Firefox 3 security compromised&link=http://www.techradar.com/news/internet/firefox-3-security-compromised-398747" target="_blank"><img src="http://rss.feedsportal.com/images/emailthis2.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a><a href="http://res.feedsportal.com/viral/bookmark.cfm?title=Firefox 3 security compromised&link=http://www.techradar.com/news/internet/firefox-3-security-compromised-398747" target="_blank"><img src="http://rss.feedsportal.com/images/bookmark.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p></p><p></p><p><a href="http://rss.feedsportal.com/c/669/f/8513/s/14f162e/story01.htm" target="_blank">More...</a></p></blockquote><p></p>
[QUOTE="The Feedster, post: 527046, member: 259515"] [IMG]http://mos.techradar.com//classifications/computing/internet-and-broadband/images/firefox_logo-200-200.jpg[/IMG] Somebody has already reported a serious security flaw with Mozilla's latest version of Firefox that was released and downloaded by millions of users last week. The security flaw was reported to TippingPoint's Zero Day Initiative and Mozilla has been informed of the details, so we will no doubt see a fix for the problem in the next Firefox 3 update. We are waiting to hear on more details on that from Mozilla, so will be sure to keep you informed. [B]Cashing in?[/B] As the vulnerability also affects the older version of Mozilla's Firefox 2, there is always the suspicion that the person who flagged the problem with TippingPoint was waiting until Firefox 3 launched with all the accompanying hype and fanfare last week to cash-in a little more on their discovery. Bear in mind that The Zero Day Initiative Benefits lists the following factors in determining the value of a reported fault: • Is the affected product widely deployed? • Can exploiting the flaw lead to a server or client compromise? At what privilege level? • Is the flaw exposed in default configurations/installations? • Are the affected products high value (e.g. databases, e-commerce servers, DNS, routers, firewalls)? • Does the attacker need to social engineer his victim? (e.g. clicking a link, visiting a site, connecting to a server, etc.) [B]Internet best practice[/B] Details on the security breach are scarce. The Tipping Point blog merely notes that: "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page." While we await further details on the manner of the security threat, we can only advise that you don't click on any suspicious links in non-solicited emails or visit dodgy websites! In the meantime, concerned Firefox 3 users might want to install the useful NoScript extension, just to be sure. [IMG]http://rss.feedsportal.com/c/669/f/8513/s/14f162e/mf.gif[/IMG] [URL="http://res.feedsportal.com/viral/sendemail2.html?title=Firefox 3 security compromised&link=http://www.techradar.com/news/internet/firefox-3-security-compromised-398747"][IMG]http://rss.feedsportal.com/images/emailthis2.gif[/IMG][/URL][URL="http://res.feedsportal.com/viral/bookmark.cfm?title=Firefox 3 security compromised&link=http://www.techradar.com/news/internet/firefox-3-security-compromised-398747"][IMG]http://rss.feedsportal.com/images/bookmark.gif[/IMG][/URL] [url=http://rss.feedsportal.com/c/669/f/8513/s/14f162e/story01.htm]More...[/url] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Tech News feeds.
Firefox 3 security compromised
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top