Results 1 to 8 of 8

Thread: Firefox and Seamonkey Vulnerabilities

  1. #1

    Firefox and Seamonkey Vulnerabilities


    In addition to the "pwn2own" vulnerability used at CanSecWest last week in order to compromise a system with the Firefox web browser, a new vunerability has been published which involves XSL Transforms. This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers. A proof-of-concept exploit for the XSL Transform vulnerability has been released. If the attack succeeds, arbitrary code can be run in the context of the browser. If the attack fails, a DoS condition is likely for the browser.
    Mozilla is working on updates for both packages and they expect the updated versions to be released by April 1 (and no, this is not an early April Fools joke).

    Original Source :
    http://isc.sans.org/diary.html?storyid=6079

    More reading :
    http://www.securityfocus.com/bid/34235/
    http://secunia.com/advisories/34471/
    http://www.vupen.com/english/advisories/2009/0853
    https://bugzilla.mozilla.org/show_bug.cgi?id=485217
    http://blog.mozilla.com/security/200...vulnerability/



    It is ironic that people consider firefox a "secure" browser.. sigh..
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    No browser is secure once it becomes popular. That goes for any other program or operating system. Once there is a sufficient size think tank trying to break it, somebody will find it. The most secure program is the one the fewest people use.

  3. #3
    I healthy argument, I must say this:

    I do agree what you said, however I find development standard for Firefox really low and browser performance lower then "advertised" and "screamed to be". I'm not going go to secunia and get a pie chart of total number vulnerabilities that have been reported (which are anyway more than IE + Opera combined). But the number of memory related problems (leaks, overflows) that I’ve seen in Firefox over its development cycle are just too much..

    I'm going to say this again you're right about how popularity leads to more problems / weakness being discovered in software but I just find Firefox much less then what it's said to be. It's really no where as secure as thought (advertised) to be. Nor is its performance what it is said (advertised) to have.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    I guess i will stick to using my faithful k-meleon.

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I probably have my "timing"/dates wrong, but for me personally it went something like this:

    IE6 wasn't that great - and neither was FF 1.x...
    Then FF 2 and IE7 were released at around the same time (October 2006, according to what I can find), and FF seemed to be winning the battle... until IE7 became way cooler and FF became way more bloated/unstable... Now there's FF3, and then there's IE8 - I used to have FF3 installed because my bank didn't recognize IE8, but now that my bank has caught up, I'll do FF3 a favor by not uninstalling it... what a bloated, slow piece of crap...

    Looks like FF can't take the heat... IE used to have that problem, but now they're used to it, and they seem to anticipate it. IE8 is an excellent browser... FF3, not so much...

  6. #6
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Quote Originally Posted by ByTeWrangler View Post
    I healthy argument, I must say this:

    I do agree what you said, however I find development standard for Firefox really low and browser performance lower then "advertised" and "screamed to be". I'm not going go to secunia and get a pie chart of total number vulnerabilities that have been reported (which are anyway more than IE + Opera combined). But the number of memory related problems (leaks, overflows) that I’ve seen in Firefox over its development cycle are just too much..

    I'm going to say this again you're right about how popularity leads to more problems / weakness being discovered in software but I just find Firefox much less then what it's said to be. It's really no where as secure as thought (advertised) to be. Nor is its performance what it is said (advertised) to have.
    You won't get any argument on that from me. As a browser, Firefox is an example of brilliant marketing.

    You're probably already aware of it, but this site lists myths surrounding Firefox.

  7. #7
    Banned
    Join Date
    Jan 2008
    Posts
    605
    I imagine IE makes use of memory protection.

    Firefox seems to be more worried about keeping its users from being rick roll'ed.

  8. #8
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Quote Originally Posted by The-Spec View Post
    I imagine IE makes use of memory protection.

    Firefox seems to be more worried about keeping its users from being rick roll'ed.
    LOL...

    I go back and forth between FF and IE on a daily basis. FF is rather bloated, and overrated, but I love some of the extensions. This looks like another possible browser war thread. :-P
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

Similar Threads

  1. FireFox Security Problems, released 4/17
    By Galiath in forum Web Security
    Replies: 7
    Last Post: April 21st, 2006, 02:57 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •