Posted on 03/01/2005 3:07:13 PM PST by holymoly
Just a day after one security firm warned of a vulnerability in Firefox and Mozilla, a rival disclosed that another eight threaten the open-source browsers.
The Danish security firm Secunia on Tuesday laid out the flaws, most of which could be used by criminals to spoof, or fake, various aspects of a Web site, ranging from its SSL secure site icon to the contents of an inactive tab.
Other bugs can be exploited remotely by hackers able to introduce code of their own choosing on the vulnerable machine, possibly taking control of it or giving them access to files. For example, Firefox's extensions -- its name for plug-ins -- can be manipulated to create a temporary directory that can then be exploited by attacks to delete files from the computer. Another flaw in the automatic form filling feature -- used to quickly complete forms with personal information, or even credit card numbers -- could be exploited to trick users into divulging some of that information.
Secunia collectively rated the vulnerabilities as "Moderately Critical," and said that only Firefox has been fixed. Users should download the newest edition, Firefox 1.0.1, which was released last week.
The vulnerabilities have been corrected in Mozilla, but the patched edition, 1.7.6, has not yet been officially released. The same goes for Thunderbird, the Mozilla Foundation's free e-mail client, which is also susceptible to the bugs. Both Mozilla 1.7.6 and Thunderbird 1.0.1 should roll out this week, Mozilla has said.
Firefox 1.0.1 an be downloaded from the Mozilla Web site.
Best advice is to use some unknown browser that the hackers don't target.
They announce it on Tuesday, but it was fixed last week.
Good service, I'd say.
I have Firefox. Is there an easy way to download the update?
No updates. With Mozilla & Firefox, you have to download the whole thing.
I find myself using Opera more and more - with Java, Javascript and all plugins disabled.
Slightly off-topic... I have a Mac and currently use the dreaded IE, but would like to switch. What browser would you all recommend?
Some clown keeps hacking my Opera, all I have to do is reinstall it to fix it.
I know next to nothing about Macs... but what about Safari or Mozilla?
Safari
Ping.
Welcome to the big time, Mozilla.
Until last weekend I was still using OS 9.2, but just made the jump to Panther. I've played with Safari a bit. I might give that another try.
The aforementioned FireFox is pretty good on Mac, but I use Safari.
safari is very cool on OSX
Used Safari for years, love it. Particularly good with iGetter download manager.
Keep IE for non-standard compliant websites..
One reason OS 9 is still valuable is if you are playing with an ipod, because the version of iTunes for 9 allows a whole lot more versatility for moving mp3s. If your machine supports OS 9 I would leave it as a dual boot. OS X is certainly better, but 9 still has definite uses....
Impossible. Everyone knows only Microsoft is hackable and Open Source is virus-proof.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.