Firefox and IE together brew up security trouble
Results 1 to 10 of 10

Thread: Firefox and IE together brew up security trouble

  1. #1
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Post Firefox and IE together brew up security trouble

    Did a quick search and didn't see this posted yet so i thought i'd post it up and get some discussion happening..

    That's the latest update from security researchers who initially laid the blame on Microsoft's Internet Explorer for the latest zero-day exploit that also can afflict those using the Firefox Web browser.
    Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.
    Get the rest of the Story HERE


  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmmm,

    If you have FF, why would you be browsing with IE?

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Because IE is better...


    Kidding... good point nihil. Unless you are doing windows updates WHY!

    Edit: even then you can avoid it with the updater service...

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes oofki,

    I have both because some applications want to use IE only for updating. I don't see that as a problem as they are not "malicious sites".

    What I am wondering about though is the FireFox plug-in that emulates IE? Does that make FF vulnerable to the exploit by itself?


  5. #5
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    As far as I can see it does nihil.

    FF alone is not vulnerable but a security hole in IE enables a malicious site to execute remote code through FF.

    Tired at the moment but will research it better tomorrow.

    Wolfe

  6. #6
    Junior Member
    Join Date
    Jul 2007
    Posts
    4

    Arrow

    Quote Originally Posted by WolfeTone
    As far as I can see it does nihil.

    FF alone is not vulnerable but a security hole in IE enables a malicious site to execute remote code through FF.

    Tired at the moment but will research it better tomorrow.

    Wolfe
    That's right.

    If you use Windows, IE is running on your computer 24/7, even if there are no IE browser windows open.

    Yup yup. Security holes can spread too easily through IE, due to its flawed structure.

  7. #7
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    Quote Originally Posted by nihil
    What I [B
    am[/B] wondering about though is the FireFox plug-in that emulates IE? Does that make FF vulnerable to the exploit by itself?

    Well from what I can see, it's all IE's fault

  8. #8
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Quote Originally Posted by xalos999
    That's right.

    If you use Windows, IE is running on your computer 24/7, even if there are no IE browser windows open.

    Yup yup. Security holes can spread too easily through IE, due to its flawed structure.
    Not convinced that is true any more, since IE 7 they seem to have separated the iexplore and explore processes a little.

    e.g. under IE 6 typing a web address into say a "my computer" window would work within that window, with IE 7 it launches a new IE window.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  9. #9
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    Yes, if you type "C:\Windows" into IE, it does launch a seperate explorer window, which is the problem with IE being able to launch FF.

  10. #10
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    well, playing devils advocate more than defending microsoft....where do you draw the line?

    should "ftp://user:pass@whatever:port" launch my FTP server?
    should "telnet://www.google.com" launch my telnet client? (ms think not in that case)
    how bout if I click a jpg, should it open in my prefered editor?

    Age old debate - security or functionality? Here is a key point I would say however.

    Quote Originally Posted by www.theregister.co.uk
    By luring an IE user to a malevolently crafted site, the attacker can cause Firefox to execute the code without first vetting it for security.
    There is your problem.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

Similar Threads

  1. Copying updates
    By Cider in forum Operating Systems
    Replies: 10
    Last Post: March 21st, 2006, 09:30 PM
  2. Tips
    By XTC46 in forum Site Feedback/Questions/Suggestions
    Replies: 15
    Last Post: August 24th, 2005, 08:52 PM
  3. Firefox suffers 'extremely critical' security hole
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 3
    Last Post: May 13th, 2005, 08:32 PM
  4. Firefox Is Heading Toward Trouble
    By gess~da~devil in forum Web Security
    Replies: 5
    Last Post: March 14th, 2005, 10:47 PM
  5. Replies: 12
    Last Post: February 9th, 2005, 08:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •