Critical Firefox flaw exposed

**zba78** · 10-03-2006

http://tomshardware.co.uk/2006/10/02...ecurity_issue/

Seems pretty serious. Not sure how worried we should be

**techieMoe** · 10-03-2006

I use NoScript to block Javascript from everywhere but sites I absolutely trust. Move along. Nothing to see here.

***Roxoff*** · 10-03-2006

What, you mean they could get access to my computer and start running things as me, as a regular user?

Funny, but this doesn't fill me with the cold dread it would do if I were a Windows user.

**techieMoe** · 10-03-2006

Originally Posted by Roxoff

What, you mean they could get access to my computer and start running things as me, as a regular user?

Funny, but this doesn't fill me with the cold dread it would do if I were a Windows user.

Actually, the details of the exploit on MozDev says the only thing it can do right now is use up your memory and crash your browser. One of the fellows who showed this exploit has said:

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.

But yes, as Roxoff said, even if this were the case most Linux users aren't exactly quaking in their boots.

**fingal** · 10-03-2006

No worries here: I haven't had a FF crash in ages and I've submitted several bug reports (no real effort involved as FF gives you the option to do this very readily).

I also use the NoScript plugin. All in all we're pretty secure.

**easuter** · 10-03-2006

the article has a "Ha!! you thought you were using a better browser...fools!" tone to it......

i don't think all the vulnerabilities found in IE would fit in a 1000 page book, and they aren't publicly played up. actually, i hardly ever hear about specific IE vulns on sites like that.

Firefox Web browser, commonly perceived as the safer and more customizable alternative to market leader Internet Explorer, is critically flawed.

it even has a security map so all the dumb-witted can "see" the HUGE hole firefox has.

the guy who wrote the artile is obviously a windows zealot.

**techieMoe** · 10-03-2006

Originally Posted by easuter

the guy who wrote the artile is obviously a windows zealot.

I think it has more to do with "security firm employee ego" than anything. This is the second time it seems that people working for security firms have made a public spectacle of a flaw they discovered, only to make asses out of themselves in a misguided attempt to gain notoreity and (perhaps) a better job. The Maynor/Ellch/Ou MacBook Hack fiasco is a perfect example of this. The difference between them and these two is that the Firefox flaw seems to actually be real. I take fantastic statements about security flaws by a company that makes money off of them with a very large grain of salt, personally.

**bigtomrodney** · 10-03-2006

Don't worry about it folks - check this out - Slashdot Article

Thread Tools

Display

Critical Firefox flaw exposed

Posting Permissions