Posted on 03/01/2005 3:07:13 PM PST by holymoly
Just a day after one security firm warned of a vulnerability in Firefox and Mozilla, a rival disclosed that another eight threaten the open-source browsers.
The Danish security firm Secunia on Tuesday laid out the flaws, most of which could be used by criminals to spoof, or fake, various aspects of a Web site, ranging from its SSL secure site icon to the contents of an inactive tab.
Other bugs can be exploited remotely by hackers able to introduce code of their own choosing on the vulnerable machine, possibly taking control of it or giving them access to files. For example, Firefox's extensions -- its name for plug-ins -- can be manipulated to create a temporary directory that can then be exploited by attacks to delete files from the computer. Another flaw in the automatic form filling feature -- used to quickly complete forms with personal information, or even credit card numbers -- could be exploited to trick users into divulging some of that information.
Secunia collectively rated the vulnerabilities as "Moderately Critical," and said that only Firefox has been fixed. Users should download the newest edition, Firefox 1.0.1, which was released last week.
The vulnerabilities have been corrected in Mozilla, but the patched edition, 1.7.6, has not yet been officially released. The same goes for Thunderbird, the Mozilla Foundation's free e-mail client, which is also susceptible to the bugs. Both Mozilla 1.7.6 and Thunderbird 1.0.1 should roll out this week, Mozilla has said.
Firefox 1.0.1 can be downloaded from the Mozilla Web site.
Thanks, tom.
IE for Mac hasn't been updated for a couple of years. Safari is an excellent browser with *almost* perfect pop-up blocking. It doesn't stop all the ones on Drudge's site but everyone else's are suppressed instantly.
Obviously anything written by mere mortals CAN be hacked. The difference being that the Mozilla/Firefox vulnerabilities are already fixed on a fraction of the budget and resources that Microsoft would require, not to mention the most obvious, speed of response.
I saw your name and knew you must be in Hawaii! Thanks to everyone for the feedback on Safari.
I often wonder why people think open source is more secure. Being able to look at the source code makes it that much easier for the bad guys to be able to figure out how to hack it. Some argue that the fact that more people look at it (open source) makes it more secure. Frankly, I don't buy this. MSFT no doubt has tons of (full time) people looking at its software in house--including black teams who get paid to beat the system. No matter what the source is, the number of inherent software flaws increases with complexity.
They mentioned that the automatic updater will be activated in a few days to do automatic updates, but for now you have to either download the whole client from their main website or if you have broadband, you can download it FASTER with bittorrent:
http://bittorrent.mozilla.org
MS's security problems go a lot deeper than a browser "application." Explorer is integral to the OS, and all the other "functionality" did not anticipate the internet where you are essentially networked to the world.
Mark. Many thanks.
Do you have a list of unknown browsers? :0
So what's the count now? 2422453563665834 to 10?
Thanks for the link, I just used it to download FF 1.0.1.
The problem is that Firefox has become too popular. Now that it has established itself, it has become a target. We'll probably see more of this.
Personally, I think that the users of Firefox are a bit more sophisticated than the typical IE user. They have a clearer idea what they should be able to expect from a good browser, and they will be less tolerant of bugs. The fixes should come out quickly.
Not so. Take a look at the numbers of SUCCESSFUL exploits of I.E. (A closed-source program).
Take a look at the numbers of SUCCESSFUL exploits of FireFox or Mozilla, the open-source programs.
If what you say were true ("it's that much easier"), then don't you think there would be a lot more hacks for the open-source ones?
Uh, the article does not mention viruses. These are "phishing" vulnerabilities. They might trick you into giving your credit card number to a bad guy, but they don't spread.
FWIW, the big one announced last week (or week before) was a flaw in the standard used for International Domain Names. Anyone who followed the standard was vulnerable. Microsoft I.E., for once, was not, since standards don't exist in Redmond.
Still, it's a phishing flaw, not a virus.
The things I like about IE aren't in FireFox and the great parts about FireFox aren't in IE.
Ping
Any software product given widespread use will attract hackers. Why do you think they roll all over Internet Explorer? Because millions and millions use it. As Firefox grows it will attract the sharks.
As for Firefox, has anyone noticed the download that goes to random servers? At least when you download Netscape you are at Netscape.com. And Microsoft's IE is just too big to download without broadband.
Could you give some examples?