Posted on 10/02/2006 2:49:35 PM PDT by Ernest_at_the_Beach
fyi
I call BS on the "unfixable" part.
Besides, using NoScript renders this unconfirmed vulnerability totally impotent.
Might be a good article for the tech ping list.
Firefox vulnerable to JavaScript hackers
***************************************
By Stan Beer
Tuesday, 03 October 2006 | |
Two hackers have detailed a serious security flaw in the Firefox web browser that would enable attackers to gain control of any computer running the Internet Explorer rival regardless the underlying operating system. According to Mischa Spiegelmock and Andrew Wbeelsoi, who gave a detailed presentation at the ToorCon hacker conference in San Diego on Saturday, the vulnerability is not able to be patched unless Mozilla rewrites key sections of its JavaScript code. The two hackers gave a detailed presentation on stage showing a slide with key information on how to exploit the vulnerability. They said that a hacker could gain control of a computer which visits a web page containing malicious JavaScript code. Mozilla is taking the presentation seriously and is reportedly annoyed at the way the hackers disclosed the exploit in enough detail for a hacker to repoduce it. What was even more disturbing to Mozilla is that Spiegelmock and Wbeelsoi claim to have knowledge of about 30 Firefox vulnerabilities and have no intention of responsibly disclosing them to Mozilla. It seems that the US$500 a flaw bounty that Mozilla is willing to pay hackers who find genuine vulnerabilities was not enough incentive to dissuade the two hackers from contributing to the sort of environment that forces internet users to be wary of what sites they visit. Only WireTalkers can write comments.
|
Ok, being a Mozilla, Firefox fan, will someone please translate all that for me.
Extra protection for your Firefox: NoScript allows JavaScript, Java and other executable content only for trusted domains of your choice, e.g. your home-banking web site.
This whitelist based preemptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality...
Experts do agree: Firefox is really safer with NoScript ;-)
Works with:
![]() |
Firefox | 1.0 - 3.0a1 | ALL |
![]() |
Mozilla | 1.7 - 1.8 | ALL |
![]() |
SeaMonkey | 1.0 - 1.5a | ALL |
When I click on it, it says "Document not found".
So, no. Don't download it.
:)
Thank you. I have never had any issues with Firefox and I allow javascript sites to load. Selectively.
https://addons.mozilla.org/firefox/722/
You can get it on that page.
And I think the link I set up works....so maybe Bigh4u2 is just having fun....
Thanks.
I've never had java till I got this computer. I don't even know what the heck java is.
Ah, thank you.
one correction,. to post #11
...I said I did a right click with the mouse button,...it is actually a left click....
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.