Posted on 02/09/2006 9:50:40 AM PST by ShadowAce
Computer code that could be used in cyberattacks on Firefox users has been released, increasing the urgency for people to upgrade to the latest version of the Web browser.
The two pieces of exploit code, posted online earlier this week, take advantage of a security vulnerability in Firefox that Mozilla patched in an update Thursday. In response to the exploit release, the browser maker on Tuesday upgraded the severity rating of the flaw from "moderate" to "critical," its most serious rating.
"This exploit was published after we released the 1.5.0.1 update," said Mike Schroepfer, vice president of engineering at Mozilla. "Most of our users had already been upgraded by the time this exploit was published."
The code could be used to commandeer computers running a vulnerable version of the open-source Web browser on Linux or Mac OS X systems. It has been published as part of the Metasploit Framework, a widely used hacking tool.
The specific flaw exists only in Firefox 1.5 and was fixed in Firefox 1.5.0.1. The problem could cause a memory corruption an outsider could use to run code on a vulnerable PC, according to a Mozilla advisory. The corruption would come from calling the "QueryInterface" method of the Location and Navigator objects in the browser.
Firefox users have already been urged to install the patched version of the browser. Security monitoring company Secunia last week rated the Firefox update "highly critical," and Mozilla has pushed out updates.
If for some reason users have not upgraded, they should definitely do so, Schroepfer said.
I think writing software so that it's easy to interface with for a third party is a good thing! Now maybe they need a separate project at Mozilla to certify the cream from the crap in the extensions pile but it's certainly not the job of the people who code Firefox itself.
If I'd been an extension writer, I'd have long ago given up on trying to keep up with the changes, and some have.
And others have written extensions that survive a version change.
Spoken with all the zealotry and bitterness I'd expect.
Good day.
Also "Mozilla is not ready for Prime Time and never will be." is a pretty sweeping statement. One tends to wonder what is behind such comments.
Because some poorly written third party software breaks Firefox itself is not ready?
It's only a curiosity for geeks.
A 10% market share says differently, with the exception of IE it is bigger than every browser out there *PUT TOGETHER*. But I am sure to you there is only one browser and Bill Gates is its Profit.
For close to a year there was a major flaw, where uninstalling Firefox took out the whole frickin' Program Files folder with it.
So because it *used* to have a flaw it's not now ready for prime time? Wow!
Why should I sing the praises of something like that?
Who asked you to? My question is why are you trolling FR threads and, apparently, MoZine for something you don't use and don't like?
What an ignorant statement.
Accurate after the recent WMF fiasco.
Ooooh la la! All of a sudden I have three fanbois on my back, alluding that I'm some kind of MS troll. If the fanbois wouldn't get so frenzied they might check out my posts over the years concerning Mozilla, my fights with Bush2000, etc.
All you guys are doing is making my point for me. I or anyone else need not go to MoZine to find the zit farmers who know all.
Firefox is not ready for the general populace. It's still a lab rat.
Live with it.
I don't think you're an MS troll, I never said so... I asked if you don't use Firefox and hate Firefox why are you here and why do you spend so much time on MoZine?
All you guys are doing is making my point for me.
Hmm, what point would that be? People here have asked questions and gotten at worst "I'll have to look at that later but I'll check it out for you". You OTOH came spoiling for a fight.
Firefox is not ready for the general populace.
Based on what? Some people have written bad third party software for it? The fact that when it was beta more than a year ago the upgrade utility was poorly implemented? The fact that they don't lock people out of interfacing and writing extensions for it? Or the fact it has a higher market share than every browser on the market except IE?
Why not? That's the standard for blaming Microsoft.
Really? Example?
Read at home ping.
Oh, puleeze.
Example?
That should change, too.
I don't blame Microsoft when the problem isn't their fault.
Hell, Sound Blaster was in business for a couple years before they figured out how to write a driver that didn't crash 1 out of 20 Windows boxes.
Probably 90% of every BSD I ever saw was related to a third-party coder, but 100% of them were blamed on MS.
Not that MS doesn't deserve most of the hostility towards it as pertains to security and application execution.
I hate that my favorite Theme, Charamel, is not supported by FF 1.5 and above. I hesitate to update to the latest version of Thunderbird because I'm afraid I'll lose Charamel there, too.
Agree, but it has a BIG part of it. I notice my Opera browser gets less warning than FF or IE. Is it more secure? No, it's in deep third place.
The only true advantage to open source is that stuff gets fixed fast.
Spoiling for a fight? You argue like a Leftist. I made a post, some pinhead tried to give me a lecture about anger, and I lit into him like stench on a hippie. Then you and another decided to jump in. Don't try and blame me for your being a banty rooster.
By the way, Foghorn, I used to spend time at MoZine, until I saw it for what it is. Don't act like you know with seeming authority where I surf or not.
As far as it not being ready for just anyone, how many have just grown tired of all the changes? How many Mom and Pop types want to keep up with it? I'm no IT guy, but I'm an informed enough type I won't get taken for a ride when I go to Best Buy, but all in all a computer user, and I've grown tired of the geek and tweak appeal.
I know that Firefox is a bunch of people trying to break the Mozilla browser down into components. Maybe that's part of the problem. Too many cooks, and no recipe, no well defined roadmap. I find it astonishing that such a major flaw as erasing the whole Program Files folder taking a year to fix not only doesn't raise any eyebrows, but brings the fanboi types to shoot the messenger with such idiocy as "ummm, well, it don't do it now, does it"? It took almost a year to fix something that at the very least crippled the OS, for crying out loud! Sell that to the general populace.
No, I'm sure you'd rather keep that quiet. Let's not give anybody any doubts as to who is at the helm of their wonderful alternative browsing experience.
And yet I'm supposed to take the fanbois seriously and sing in harmony? Yeah, right.
Correction:
Technically, it's the Netscape browser they're cannibalizing. Netscape gave the source code back in '98.