FF 3.5.1 Vulnerable

[nihil]

FireFox 3.5.1 has a vulnerability:

http://isc.sans.org/diary.html?storyid=6829&rss

There is no patch yet

Although Javascript access can be restricted with applications such as the NoScript Add-On, it may still be possible for the browser to be exploited if an untrusted website is loaded

[ByTeWrangler]

Here is what Mozilla guys had to say about it

"We do not believe this is any kind of boundary condition, but a
non-exploitable denial-of-service due to memory exhaustion."

http://blog.mozilla.com/security/200...cve-2009-2479/

More :

http://isc.sans.org/diary.html?storyid=6838

[ByTeWrangler]

WHY THE HELL ARE PEOPLE STILL USING FIREFOX ! :x

[t34b4g5]

WHY THE HELL ARE PEOPLE STILL USING FIREFOX ! :x

Because there are people who are ignorant and believe, worship the following statement.

The Firefox Web Browser is the faster, more secure, and fully customizable way to surf the web.

Plus your not cool unless you tell everyone to ditch other browsers and use FF cause it's so much uber better then the others...

[nihil]

Don't worry about it ByTe~, it really isn't a problem; the British government are still using IE6

http://antionline.com/showthread.php?t=278339

It does look as though this might be a cross browser problem though, as your link mentions that it was first tried on IE8? I notice that my Secunia PSI still shows IE8 as vulnerable to XSS due to character set inheritance.

FireFox and Opera share these plugin vulnerabilities with IE8:

Real Player 11.x
Sun Java JRE 1.6x/6x (x2)

Secunia have yet to mention the memory exhaustion issue.

All the vulnerabilities are unpatched

As for your question:

WHY THE HELL ARE PEOPLE STILL USING FIREFOX ! :x

Because they still run Windows 2000, although the latest Opera will also run on that, and would possibly be a better bet?

Given that MS are still supporting Windows 2000, I am guessing that they must also be supporting IE6, as it is the latest version that will run with that OS.

I would still prefer FF and Opera to IE6 as they have more functionality and are likely to be more secure.

I will check an IE6/Windows 2000 box later today.



EDIT:

On a fully patched Windows 2000/IE6 box the IE shows as vulnerable per-se, Opera and FF 3.0 do not.

[Falcis]

So then what browser do you all recommend?

Falcis

[westin]

I used K-Meleon for a few days... turns out that it is as much of a memory hog as FF, but more buggy. Haven't spent much time in IE8 yet, but I am thinking about giving it a shot. I have yet to find a browser that doesn't drive me to strong drink...

[ByTeWrangler]

Use opera for all your browsing needs.

There are webpages where Opera will fail use IE there. However ensure every URL that you visit using IE is know (like microsoft, yahoo, windows live) but not links through google use !

You will never get infected through a webpage if you are visiting well known sites which take enough measure's to ensure integrity of their sites. But if you wander of searching through good it's better to use opera.

[westin]

Use opera for all your browsing needs.

There are webpages where Opera will fail use IE there. However ensure every URL that you visit using IE is know (like microsoft, yahoo, windows live) but not links through google use !

You will never get infected through a webpage if you are visiting well known sites which take enough measure's to ensure integrity of their sites. But if you wander of searching through good it's better to use opera.

Sounds like a great browsing solution. Use Opera for all of your browsing needs, except where it doesn't work... use a different browser there.

[seiferaistlinlp]

Sounds like a great browsing solution. Use Opera for all of your browsing needs, except where it doesn't work... use a different browser there.

And don't you dare go to websites you haven't heard of! Screw discovering new things!