Your Ad Here Your Ad Here
Results 1 to 10 of 10

Thread: 'Highly Critical' Flaw in Firefox 2.0

  1. #1
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    11,028
    A new security flaw, rated as "highly critical", has been discovered in Firefox 2.0+ by the security firm, Secunia.


    The security hole involves a 'special' Uniform Resource Identifier (URI) handler where, according to Secunia, "Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments."

    Thor Larholm--a computer security expert and a Senior Security Researcher for PivX Solutions, LLC--originally thought Internet Explorer was the culprit, but according to Secunia, "a malicious site visited in Internet Explorer could pass parameters using that URI handler that would be run automatically in Firefox, without any sort of validation."

    They recommend that you do not visit any untrusted sites until the problem is resolved.

    Source: BetaNews
    Related: Neowin.Net

    July 17, 2007
    Neowin.Net: Cross-browser Firefox/IE flaw worsens
    Last edited by Hairbautt; 07-18-2007 at 12:05 AM. Reason: last minute editing, sorry...
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  2. News (Archive)   -   #2
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    click me bottom of the page is the test for this vuln click it then tick the box marked remember what i do etc.... and then press cancel. should now be safe.

  3. News (Archive)   -   #3
    Demigod's Avatar Poster BT Rep: +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35
    Join Date
    Dec 2006
    Posts
    531
    I'm tired of people thinking that if they browse with Firefox, they are automatically invincible to all the viruses and worms that crawl the internet.

    Statistically speaking, Opera is the best choice (in terms of speed and security) for Windows-users.

    Look here:

    http://mywebpages.comcast.net/Suppor...efoxMyths.html

  4. News (Archive)   -   #4
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    11,028
    I think Safari claims to be the fastest...and "the world's best browser."

    http://www.apple.com/downloads/ (Check right side)
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  5. News (Archive)   -   #5
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    yep safari must be the most secure since the first day the windows version is released and flaws were found and 4 of the 6 current flaws are unpatched

    opera has a decent enough track record but if you really want security go with lynx there has only ever been 2 exploits found and they have both been patched.

    edit: this story gets better turns out the exploit is also internet explorer related. internet explorer does not perform validation on the input before being passed along to firefox. firefox on its own will throw up warning if you click a nasty link.
    Last edited by 4play; 07-11-2007 at 12:59 AM.

  6. News (Archive)   -   #6
    myminpins's Avatar Poster
    Join Date
    Jun 2007
    Location
    Dartmouth, NS Canada
    Posts
    61
    I love my Opera... don't really know why ANYONE uses IE any more... lol

    Excellent read!!!!!
    Last edited by myminpins; 07-12-2007 at 11:16 AM.

  7. News (Archive)   -   #7
    lynx's Avatar .
    Join Date
    Sep 2002
    Location
    Yorkshire, England
    Posts
    9,810
    The reasons why fewer security holes have been found in Opera, Safari and Lynx (copyright theft?) is because there aren't as many people looking. It doesn't mean that the holes aren't there. The same argument used to be trotted about Firefox.

    The link is still caught in an IE tab within Firefox (but beware, even if you select cancel, IE still launches the app ).

    In reality, this only a security hole if you have Firefox installed but continue to use IE. Why anyone would want to do that is beyond me.
    Last edited by lynx; 07-12-2007 at 11:50 AM.
    .
    Political correctness is based on the principle that it's possible to pick up a turd by the clean end.

  8. News (Archive)   -   #8
    Cheese's Avatar Poster
    Join Date
    Sep 2003
    Location
    is everything.
    Age
    40
    Posts
    19,023
    Quote Originally Posted by lynx View Post

    In reality, this only a security hole if you have Firefox installed but continue to use IE. Why anyone would want to do that is beyond me.
    Sadly I have to at work as one website I have to use in my job does not work on Firefox (it barely works in IE).

  9. News (Archive)   -   #9
    ulun64's Avatar Poster
    Join Date
    May 2007
    Location
    Kuala Lumpur, Malaysia, M
    Posts
    217
    Quote Originally Posted by Hairbautt View Post
    I think Safari claims to be the fastest...and "the world's best browser."

    http://www.apple.com/downloads/ (Check right side)
    Safari is the best browser in MacOSX but not in windows. It's system hogger in windows.


    Quote Originally Posted by lynx View Post
    The reasons why fewer security holes have been found in Opera, Safari and Lynx (copyright theft?) is because there aren't as many people looking. It doesn't mean that the holes aren't there. The same argument used to be trotted about Firefox.

    The link is still caught in an IE tab within Firefox (but beware, even if you select cancel, IE still launches the app ).

    In reality, this only a security hole if you have Firefox installed but continue to use IE. Why anyone would want to do that is beyond me.
    Opera also have security holes but Opera fixed 100% of all it's security bug problem. Making it's the most secure browsers in Windows atm.

    http://operawatch.com/news/2007/01/w...lly-fixed.html

    I'm using Opera most of time. Sometime I used IE cos certain website don't like Opera. I used Firefox before but it's too slow so I abandon it.

  10. News (Archive)   -   #10
    lynx's Avatar .
    Join Date
    Sep 2002
    Location
    Yorkshire, England
    Posts
    9,810
    Quote Originally Posted by ulun64 View Post
    Opera also have security holes but Opera fixed 100% of all it's security bug problem. Making it's the most secure browsers in Windows atm.
    No, you still haven't got it.

    Just because there are few people looking for security holes does not mean they don't exist. All the creators of browsers fix the security holes when they are found (eventually), that doesn't make any particular browser more secure than any other.

    On the downside, if there are few people looking for security holes then any security holes that exist are more likely to go undiscovered. That makes such browsers potentially the least secure.

    I'm not saying that Opera is any better or worse than other browsers, merely pointing out that your assumption does not have a valid basis.
    .
    Political correctness is based on the principle that it's possible to pick up a turd by the clean end.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •