FF 3.5.1 Vulnerable

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    FF 3.5.1 Vulnerable

    FireFox 3.5.1 has a vulnerability:

    http://isc.sans.org/diary.html?storyid=6829&rss

    There is no patch yet

    Although Javascript access can be restricted with applications such as the NoScript Add-On, it may still be possible for the browser to be exploited if an untrusted website is loaded

  2. #2
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Here is what Mozilla guys had to say about it

    "We do not believe this is any kind of boundary condition, but a
    non-exploitable denial-of-service due to memory exhaustion."

    http://blog.mozilla.com/security/200...cve-2009-2479/

    More :

    http://isc.sans.org/diary.html?storyid=6838
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    WHY THE HELL ARE PEOPLE STILL USING FIREFOX ! :x

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Quote: Originally posted by ByTeWrangler
    WHY THE HELL ARE PEOPLE STILL USING FIREFOX ! :x
    Because there are people who are ignorant and believe, worship the following statement.


    The Firefox Web Browser is the faster, more secure, and fully customizable way to surf the web.


    Plus you're not cool unless you tell everyone to ditch other browsers and use FF cause it's so much uber better than the others...

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Don't worry about it ByTe~, it really isn't a problem; the British government are still using IE6

    http://antionline.com/showthread.php?t=278339

    It does look as though this might be a cross browser problem though, as your link mentions that it was first tried on IE8? I notice that my Secunia PSI still shows IE8 as vulnerable to XSS due to character set inheritance.

    FireFox and Opera share these plugin vulnerabilities with IE8:

    Real Player 11.x
    Sun Java JRE 1.6x/6x (x2)

    Secunia have yet to mention the memory exhaustion issue.

    All the vulnerabilities are unpatched

    As for your question:
    WHY THE HELL ARE PEOPLE STILL USING FIREFOX ! :x
    Because they still run Windows 2000, although the latest Opera will also run on that, and would possibly be a better bet?

    Given that MS are still supporting Windows 2000, I am guessing that they must also be supporting IE6, as it is the latest version that will run with that OS.

    I would still prefer FF and Opera to IE6 as they have more functionality and are likely to be more secure.

    I will check an IE6/Windows 2000 box later today.



    EDIT:

    On a fully patched Windows 2000/IE6 box the IE shows as vulnerable per se, Opera and FF 3.0 do not.
    Last edited by nihil; July 21st, 2009 at 07:07 PM.

  6. #6
    Junior Member
    Join Date
    Jan 2005
    Posts
    14
    So then what browser do you all recommend?

    Falcis

  7. #7
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    I used K-Meleon for a few days... turns out that it is as much of a memory hog as FF, but more buggy. Haven't spent much time in IE8 yet, but I am thinking about giving it a shot. I have yet to find a browser that doesn't drive me to strong drink...
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  8. #8
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Use Opera for all your browsing needs.

    There are webpages where Opera will fail; use IE there. However, ensure every URL that you visit using IE is known (like Microsoft, Yahoo, Windows Live) but not links through google use !

    You will never get infected through a webpage if you are visiting well-known sites which take enough measures to ensure integrity of their sites. But if you wander off searching through good it's better to use Opera.

  9. #9
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote: Originally posted by ByTeWrangler
    Use Opera for all your browsing needs.

    There are webpages where Opera will fail; use IE there. However, ensure every URL that you visit using IE is known (like Microsoft, Yahoo, Windows Live) but not links through google use !

    You will never get infected through a webpage if you are visiting well-known sites which take enough measures to ensure integrity of their sites. But if you wander off searching through good it's better to use Opera.
    Sounds like a great browsing solution. Use Opera for all of your browsing needs, except where it doesn't work... use a different browser there.

  10. #10
    Quote: Originally posted by westin
    Sounds like a great browsing solution. Use Opera for all of your browsing needs, except where it doesn't work... use a different browser there.
    And don't you dare go to websites you haven't heard of! Screw discovering new things!
