Exploit code chases two Firefox flaws (May 9, 2005)

ZDnet ^ | May 9, 2005 | Dawn Kawamotot

[CometBaby]

If you use the Firefox browser .. read this !! .. Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them. The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday.

[Sols]

The history title issue is in no way related to the very old iframe and InstallTrigger bugs. They are two entirely different things. An article from MAY 2005 is in fact ancient news in DECEMBER 2005.

Hello folks, let's read the article we're discussing, please.

[NoCmpromiz]

Ummm.... The article you posted is from May. That's like seven months ago. In case you missed it, Mozilla fixed this almost immediately. (As opposed to myriads of IE flaws that MS knows about but takes years to fix...)

Maybe some attention to date would be in order, since this certainly is not 'breaking' news!

[burzum]

The most important thing that Firefox did was break Microsoft's monopoly on the browser. Now IE has popup blocking and the next version they will have tabs. Other features will follow. This is a good thing. While I have no problem with a natural monopoly, I believe that Microsoft abused their monopoly with the browser wars. Now that the browser wars have started again the quality of web browsers has skyrocketed. Microsoft is even faster on fixing security problems.

I use Firefox because I can't live without tabs and a reasonable popup blocker. If Microsoft makes a better browser I may switch (though they are probably about a year and a half behind right now).

[Poser]

Because Firefox has no auto-update function, there are lots of people still using older versions. This security problem will be real if the Microsoft hating virus writers divert their hate for a few seconds.

Of course, that will not happen.

[NoCmpromiz]

You might want to consider moving this from 'latest news' since it is from May, and is no longer an issue...

[CometBaby]

You may be right about that .. I don't recall anything from May. I only know that this is some form of exploit because I was *punked*. I am no techie .. but I am not exactly a newbie as my client is on the net 24/7.

Today I had problems with the slow bootup, and my computer was hanging (I have a P4 with 1 gig of memory)so there is no reason it should.

To make a long story short, I went in and cleared my history cache, set my saved days to zero .. problem gone.

[demlosers]

I'm running Firefox 1.5 as well .. you have to go in and clean our your History cache and set it to store for zero days. What I am hearing, is that it is presently affecting all versions .. even this newest one. They are working hard on a patch.

Will do. Thanks :)

[flashbunny]

Maybe you should warn secunia about hyping problems with a very old version of firefox.

[cooldog]

In the News/Activism forum, on a thread titled Exploit code chases two Firefox flaws, Poser wrote:

Because Firefox has no auto-update function, there are lots of people still using older versions. This security problem will be real if the Microsoft hating virus writers divert their hate for a few seconds.

Of course, that will not happen.

FireFox DOES auto-update ... if/when a little red circle with an up-arrow appears on the right-hand end the menu bar, just give it a single click. Couldn't be easier ...

[PAR35]

I'll just switch back to my Firebird 0.7 version. That should be safe.

[spunkets]

The link

<a href-"http://www.mozilla.org/security/history-title.html>(text goes here)</a>

[thoughtomator]

Version 1 Firefox browser is already on 1.07

[b4its2late]

I'm at 1.0.7

[Poser]

"FireFox DOES auto-update ... if/when a little red circle with an up-arrow appears on the right-hand end the menu bar, just give it a single click. Couldn't be easier"


You are describing something I have never seen. Are you running Linux?

[softwarecreator]

Maybe you should warn secunia about hyping problems with a very old version of firefox

HAHAHA.  Your'e probably right, but a lot of people are already making that suggestion!

[dr_who_2]

Any website that can kill firefox is Firefox's problem.

[cooldog]

I run Firefox on both WinXP and Linux. Let me see if I can find some info for you ....

Here you go: Firefox update info

[smith288]

You are describing something I have never seen. Are you running Linux?

I am on XP and i tnotifies me of an available update as well.

[Poser]

Thanks.

It was so small I never noticed it before.