Unpatched Highly Critical Vulnerability In Firefox 2.0



4play
10-29-2006, 10:07 PM
SecurityFocus reports an unpatched highly critical vulnerability in Firefox 2.0 (http://www.securityfocus.com/bid/19488). This defect has been known since June 2006 but no patch has yet been made available. The developers claimed to have fixed the problem in 1.5.0.5 according to Secunia (http://secunia.com/secunia_research/2006-53/advisory/), but the problem still exists in 2.0 according to SecurityFocus (and I have witnessed the crash personally). If security is the main reason users should switch to Firefox, how do we explain known vulnerabilities remaining unpatched across major releases?

edit: The link below is a working example of the exploit. It should crash Firefox, so you are warned: don't click it unless you really want to restart Firefox.

test (http://www.zen95732.zen.co.uk/computers/firefox/ffoxdie.html)


Source: http://it.slashdot.org/article.pl?sid=06/10/28/2115202

frizshizzle
10-29-2006, 11:41 PM
tried that link in ie7 crashed that too.:O

peat moss
10-30-2006, 04:21 AM
Nope, didn't crash on me. But liked this comment.

CONGRATULATIONS!

Your browser is probably
NOT VULNERABLE, or your
computer is too fast.

Rip The Jacker
10-30-2006, 08:45 AM
Nothing happened to me. I have the NoScript extension installed; after disabling NoScript and refreshing the page, Firefox crashed.

So as long as scripts are blocked, nothing happens. :)

S!X
10-30-2006, 08:47 AM
Blah, mine closed :(

TheBG
10-30-2006, 09:40 AM
Didn't crash mine either :D Another NoScript user here.

Rip The Jacker
10-30-2006, 10:26 AM
Firefox is indeed safer with no scripts allowed. :D

true_neo
10-30-2006, 10:56 AM
Crashed :(
Owells, restore session ftw ;o

backlash
10-30-2006, 12:39 PM
cool, I got to use the new restore session feature. :)

menlyman
10-30-2006, 01:41 PM
FireFox Is Aint
VULNERABLE

:P 10x mate, good to know that I'm safe

Hairbautt
10-30-2006, 05:53 PM
tried that link in ie7 crashed that too.:O
Ditto.:(

ilw
10-30-2006, 06:05 PM
Update: 10/30 12:57 GMT by KD : Jesse Ruderman wrote in with this correction.
"The article claims that Firefox 2 shipped with a known security hole. This is incorrect; the hole is fixed in both Firefox 1.5.0.7 and Firefox 2. The source of the confusion is that the original version of this report demonstrated two crash bugs, one of which was a security hole and the other of which was just a too-much-recursion crash. The security hole has been fixed but we're still trying to figure out the best way to fix the too-much-recursion crash. The report has been updated to clear up the confusion."

btw just for the record, opera doesn't crash :P (although it slows down and it seemed to be using all the available bandwidth)

mr. nails
10-30-2006, 09:55 PM
well, no pc at home atm, but i just used ie7final here at work twice and it did not crash. my ff on my pc has no script extension also, but once i get my pc up and running again i'll check out to see if ff crashes (without no script). thx for link.

Hairbautt
10-30-2006, 10:54 PM
thx for link.
:lol: Yea, thanks for the link that makes our browsers go nutz, and die.:happy: (I knew the risks, it's all good ;-) )

Busyman™
10-31-2006, 12:45 AM
I remember some idiots complaining to the mods when muchspl2 posted a link to a similar test despite his warnings that it would fuck up their browsers.:dry: (the mods even closed the thread)

Glad to see things have changed.:cool: