April 7th, 2007, 02:00 AM
Security Flaw + Firefox = Evil Browser
Because I’m sure there are a lot of Firefox fans all over the Internet, I must disappoint you and report another vulnerability discovered in the Mozilla browser that can allow an attacker to
Security company Secunia discovered the vulnerability in all the versions released before the current 1.02, adding that the flaw is highly critical and all the users must update to the latest version of the extension. “Firebug does not properly sanitize input passed to the "console.log()" function. This can be exploited to e.g. execute arbitrary script code within the "chrome:" context by tricking a user into visiting a malicious website,” Secunia sustained in the security advisory.
Security Flaw + Firefox = Evil Browser - Mozilla’s browser is affected by a critical vulnerability - Softpedia
April 7th, 2007, 10:55 AM
It saddens me that people get paid for writing this sort of garbage,
It is an extension to FF, not a part of the core browser application, it merely interfaces to it. These add-ons, extensions and plug-ins are written by third parties and are installed at the user's discretion and risk.
I must disappoint you and report another vulnerability discovered in the Mozilla browser
I don't think anyone would seriously expect that they would get away with saying: "I installed Microsoft Windows and a shed load of third party applications that made my system vulnerable, so its Microsoft's fault" Although I have seen the argument used against Linux when counting comparative number of vulnerabilities against Windows
I have the same argument regarding MS products. I see some of these patches and think I don't have that, I don't do that, I don't use that. I still apply all the patches that will work, but only to keep my system "current" and in case there are some subtle changes that aren't mentioned in the documentation.
In this case, the vulnerability does not apply to the current version, so the discovery is a bit too late and pretty irrelevant, unless you happen to be some third rate hack journalist?
Last edited by nihil; April 7th, 2007 at 11:11 AM.
April 7th, 2007, 11:53 AM
April 7th, 2007, 12:39 PM
You must be thinking of something else mate. The article is dated 6th April 2007.
just curious as to know why an outdated article is getting posted up?
The original bug report was on 4th April and a fix v1.02 was released the same day. This was improved a little later to v1.03 and the latest v1.04 was released 5th April 2007.
So the guy who wrote that article just regurgitated Secunia's report without doing any personal research...............that would have taken him all of 30 seconds
April 7th, 2007, 01:07 PM
nihil said it...the article was dated on the day I posted it...I assumed that Softpedia was not reporting on an already fixed problem as the article is very clear that it was reporting on an existing problem...unfortunately as nihil pointed out someone at Softpedia posted the article after the fact...
well i'm a gonna throw my 2cents into this thread, anyhooow just curious as to know why an outdated article is getting posted up?
acidtone/echo....or whatever account you're using on any given day...before you go criticizing you should look desperately at your own contributions.
April 7th, 2007, 01:14 PM
April 7th, 2007, 01:22 PM
Actually Eg~ I was slightly amused by the article.
I thought "what if I wanted to make that a totally partisan pro FF diatribe"
1. Secunia report flaw..............there is a quick fix within hours, then a tidied up version, then an even more secure version (somthing to do with HTML I think) All within the space of 24 hours.
2. Critics of open source complain about the lack of support and bug fixing speed. Can MS produce quickfix, final fix and enhancement within 24 hours?
3. Talking about MS, what about the great "animated cursor" scandal..........they knew about that back in December 2006 and didn't have a fix out 'till April 2007. The only reason the released it early was because serious malware was going live on the net..............
I think you can see how it could be slanted a full 180
April 7th, 2007, 02:09 PM
Heres a Article about The Web site for computer parts manufacturer ASUStek Computer Inc. WebSite got pwned and started
Originally Posted by nihil
serving up attack code that exploited a critical Windows vulnerability,
April 7th, 2007, 03:48 PM
So if Adobe has a bug in Flash, does that make Microsoft IE a bad browser? A crappy plugin is a crappy plugin; I don't see how it reflects on the security of the browser itself.
April 7th, 2007, 06:41 PM
That was exactly the kind of point I was making. It seems that there is cadre of self-styled IT journalists who are hell bent on insulting our collective intelligences?
This article is a classic example, the guy doesn't know what the hell he is talking about...................or does he $$$$$$$$$$$$$$$???????
By \/IP3R in forum AntiOnline's General Chit Chat
Last Post: March 7th, 2005, 09:25 PM
By SDK in forum Miscellaneous Security Discussions
Last Post: November 30th, 2004, 11:45 PM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 07:01 AM
By Szafran in forum Miscellaneous Security Discussions
Last Post: September 7th, 2003, 09:41 PM
By xmaddness in forum Security News
Last Post: August 15th, 2002, 03:07 AM