Page 1 of 2 12 LastLast
Results 1 to 25 of 33
  1. #1
    Web Ho - Design B!tch ~Michelle's Avatar
    Join Date
    January 18th, 2005
    Location
    Michigan
    Posts
    2,040
    Critical Flaw Found in Firefox
    Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

    The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.
    A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.


    http://news.yahoo.com/s/pcworld/120756
    ~Michelle
    "All I ask is a chance to prove that money can't make me happy."
    "Work to become, not to acquire." -- Confucius

  2. #2
    lurk
    Join Date
    March 25th, 2005
    Posts
    355
    I have to rub this in my co-wokers face who things firefox is god... hehe.

  3. #3
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    Didn't you read the last sentence?

    Firefox still pisses all over IE in the security stakes. hehe.

  4. #4
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    I just checked my awstats with my 6 sites and it shows the following
    percent of my visitors use Internet Explorer:
    Site 1: 93.2%
    Site 2: 99.7%
    Site 3: 100%
    Site 4: 92.1%
    Site 5: 99.8%
    Site 6: 93.4%

  5. #5
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    Waybar, do your sites work in firefox? I always see people talking about the low non-IE users of their site, and then check the sites to realize they only work in IE.

    I promote non-IE browsers and have for quite a bit of time. We are down to under 50% IE on a site that gets over 30,000 uniques a day.

    Being happy for any browser issue is just amazingly short-sighted.

    Chet

  6. #6
    MasterMike HardwareGeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,810
    firefox sounds more like IE daily and OSX sounds more like Windows daily with all the security flaws popping up. This falw in firefox can basically be used by spyware idiots if you think about it.

  7. #7
    Devil's Reject Electropulse's Avatar
    Join Date
    January 18th, 2005
    Posts
    987
    it breaks down like this

    99.9% of the regular IE users have some sort of bho's on their system.

    100% of regular firefox users are immune to it.

    firerfox rocks!

  8. #8
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    Quote Originally Posted by chetf
    Waybar, do your sites work in firefox? I always see people talking about the low non-IE users of their site, and then check the sites to realize they only work in IE.

    Chet
    Yes, I have Firefox downloaded on my computer for the purpose of checking
    my sites. All of my sites work fine in Firefox. I prefer IE over Firefox, after
    the SP2 update it is much more secure than in the past. What a lot of
    people don't realize is, a lot of the spyware and other crap is downloaded
    onto their computers from their kids downloading games and other free
    stuff, and once you get it on your computer it will work on Firefox just as
    well as IE. Firefox users are not immune to it.

    But I do recommend Firefox if you don't have WindowsXP with
    the SP2 update.

  9. #9
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    No internet-related product can ever be 100% secure, except Firefox is intrinsically more secure than IE because it doesn't support ActiveX and isn't tied into the OS, also it doesn't use BHOs and plugins in the same way. Even if your version of IE is infected, Firefox should run just fine.

    These security holes are a PITA, but I betcha the Firefox flaws will be fixed in a couple of days.

    I just checked my busiest site at the moment, and it's 80% IE, 17% Mozilla/Firefox, 2% Opera and 1% Safari. On two other sites, Mozilla/Firefox is at 14% and 10% respectively.

    (Incidentally, despite the signature I don't actually use Firefox myself, I use Mozilla 1.7 which is based on the same open platform).
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  10. #10
    Affiliate Manager
    Join Date
    January 18th, 2005
    Location
    Los Angeles, California
    Posts
    1,913
    Quote Originally Posted by Dynamoo
    No internet-related product can ever be 100% secure, except Firefox is intrinsically more secure than IE because it doesn't support ActiveX and isn't tied into the OS, also it doesn't use BHOs and plugins in the same way. Even if your version of IE is infected, Firefox should run just fine.

    These security holes are a PITA, but I betcha the Firefox flaws will be fixed in a couple of days.
    The fix was made available in under 48 hours:
    http://www.mozilla.org/products/firefox/

    It's also worth noting that although this bug was classified as "critical" by some security experts, that has to do with the mechanism at play and is not a reflection of any actual risk.

    In the security advisory from Mozilla.org they pointed out that the risk was reported to them from a researcher, and that there were no known active exploits of the vulnerability.

    During the brief 48-hour window before the issue was resolved it only affected the very small subset of users who had gone out of their way to extend their Preferences to include sites other than mozilla.org as valid locations for getting updates, and the risk was greatly minimized within an hour of receiving the report by changes to the updates server at mozilla.org.

    Compare that with the tens of billions of dollars lost to Microsoft-specific viruses.

    I used to be of the opinion that Microsoft-specific vulnerabilities are more common only because their antitrust practices (found guilty by dozens of governments worldwide) have afforded them the greatest marketshare. While no doubt that's a contributing factor, when you look into the details of the vulnerabilities and the history of development practices within the company you may get a different perspective.

    ActiveX is a big part of this, as are many other design decisions. I became aware of these years ago when an MS Word virus was costing us all a few hundred million. At the heart of the first of those attacks was a decision to allow scripts to turn off critical security features. While that's since been closed, at the time they considered that a "feature".

    To implement such a "feature" in a company that size requires meetings and reviews by at least a dozen people. In the Microsoft culture of the time, apparently none of them were thinking about the security aspects of their decision.

    Since then Microsoft has indeed changed many things about their development style, but they have so many hundreds of thousands of lines of legacy code in XP that we can expect a disproportionate cost associated with virus management through the life cycle of that OS.

    Longhorn may change things. The proof will be in the pudding....
    Richard Gaskin
    Developer of WebMerge: Publish any data feed on any site
    http://www.fourthworld.com

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    Quote Originally Posted by waybar
    What a lot of
    people don't realize is, a lot of the spyware and other crap is downloaded
    onto their computers from their kids downloading games and other free
    stuff, and once you get it on your computer it will work on Firefox just as
    well as IE.
    This is not true of BHOs and many parasites.

    And Richard you nailed it.

    Chet

  12. #12
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    Download 180's Zango Search Assistant and see if you don't still get the popups
    using Firefox. That is one of the most pesky spyware products. Firefox will not stop
    the popups, because it is not part of the webpage, it is a program running on your
    computer.

  13. #13
    ABW Ambassador webmarm's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,713
    If hackers are targetting Firefox already for fun and frolic, BHO's won't be far behind for profit.

    Gotta go update now. I'm lazy and mainly use IE. But I'm a security nut and have most things tweeked up pretty high both in my browser and my firewall.

  14. #14
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Quote Originally Posted by waybar
    Download 180's Zango Search Assistant and see if you don't still get the popups
    using Firefox. That is one of the most pesky spyware products. Firefox will not stop
    the popups, because it is not part of the webpage, it is a program running on your
    computer.
    It's a BHO integrated into IE, so it won't impact on Firefox. OK.. so there are several components to some of this scumware, some of which runs as a background process. Of course, you won't get a drive-by download of 180 with Firefox in the first place.. at least not yet.

    Look.. the bottom line is that ANY browser is safer than IE on Windows, be it Mozilla, Firefox, Opera or whatever. That's partly because of security through obscurity but also partly because the security model on IE sucks incredibly badly.

    It's not the only bad bit of software.. Sun's Java VM is even worse for bugs that Microsoft's version and the update process is incredibly unreliable. Acrobat is full of critical bugs. Instant messaging programs are a nightmare.

    I like to mix stuff up.. only my OS comes from Microsoft, my email client, firewall, browser and anti-virus software all come from different vendors. Each one has its own built-in security features and the variety of products make the system more resilient.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  15. #15
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    You won't get a driveby download of 180 with Firefox, but that doesn't mean your
    kids or even yourself won't download it bundled with other free programs. That is
    how most of this crap is getting onto peoples computers now. And I have tested
    Zango with Firefox, and I do still get the popups when using Firefox. I have both IE
    and Firefox on my computer, so I don't know if I would still get the popups if I didn't
    have IE on my computer, just know that when I am using Firefox and not IE I still
    get the Zango popups.

  16. #16
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    I just downloaded Zango again to test it, and I can't get it to popup on neither
    Firefox or IE now. I've always gotten popups with IE before, and I know I've had
    popups when using Firefox before also, so will have to keep testing some more.
    I usually test Zango with Clickbank merchants, because I can usually get a lot of
    popups with their sites. There is one site where I always get a popup, but right now
    I'm not getting a popup with either browser. Maybe Zango has stopped their
    parasitic practices, NAH, that would be too good to be true.
    I agree that ActiveX was a big problem with IE before they came out with
    the SP2 update for Windows XP, but that update fixed a lot of these problems. I have WindowsXP SP2 and have never gotten a driveby download. Not saying there are not other problems, just think it is a lot better now than
    it used to be in the past.

  17. #17
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Zango/nCase/180solutions is a complex parasite with several different variants, so you could well see different behaviour depending on the version.

    To be honest, I've only ever seen it bundled as part of a virus download rather than with a legitimate program, so my experience is probably different.

    Maybe it's time to buy a Mac, eh?
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  18. #18
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    You can go to their site http://www.zango.com and see many of the downloads
    they are bundling it with. They have been getting more into the downloads now
    since Microsoft came out with the SP2 update and stopped a lot of the driveby downloads.

  19. #19
    ABW Ambassador AddHandler's Avatar
    Join Date
    January 19th, 2005
    Posts
    1,270
    99% of my visitors use IE...

    Yes my sites work perfectly in all browsers..
    IE
    Netscrape
    FireFox

    I make sure my sites work and look the same in all browsers before uploading them...
    I have found that FireFox is a bit of a hassle to work with CSS.. it interpretes differently than NETSCAPE or IE...

    As far as I am concerned it would make my job A LOT easier if everyone just used IE..

    And seeing as 99% of my vistors use IE - I don't know why I even bother looking at any of my sites in NETSCAPE or FIREFOX.. But I like my stuff to be cross browser compatible even if only 1 person a month visits my sites using FIREFOX... I just don't want that ONE PERSON to see a scrabbled page...

  20. #20
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    Well, I don't know what happened, but I'm just not getting any popups today from
    Zango with either browser. I was just testing it the last two days and was getting
    popups, maybe they recognized my IP as doing a lot of testing and shut it off for
    me, I don't know. I've done a lot of testing with Zango and this is the first that I
    haven't been able to get any popups.

  21. #21
    I haven't figured that yet. My friends and I are also using MOzilla firefox. Thanx for the info...

  22. #22
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    Good post, Richard.

    I'm happy to say that I've generated almost 25,000 Get Firefox downloads from my buttons spread over my sites, working for all affiliates to help restore their commission levels to what they should be.

    Attempting to defend Microsoft of their piss poor security record is not doing affiliates any favours. Microsoft needs to be taken around the back and introduced to the sharp end of a Rottweiller.

  23. #23
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Heheh.. I've noticed you waaaaaaay up in the Spread Firefox league tables Drewbert.. you're only... errrr.. 24,000 downloads ahead of me!

    What gets me about the IE vs Firefox (vs Mozilla vs Opera) debate is how many IE users are just incredibly stubborn. Firefox is, in most cases, a much better product than IE. Little things like tabbed browsing and password management perhaps, but if you use the web a LOT then they're useful.

    Tabbed browsing in particular is great. Right at the moment, I'm doing site maintenance and updating links, I have one instance of Mozilla running with 14 pages open for the maintenance, and another instance with 6 pages open for everything else including ABW. That just uses two places on the taskbar for 20 different web pages. Try that with IE and you'll get a mess.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  24. #24
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    I'm not saying Firefox is a bad browser, it is a good browser and if you prefer to use
    it then that is great. I agree that IE has had a lot of problems, I'm just saying that it
    is much better now than it has been in the past, with the SP2 update. Myself, I prefer
    using IE. But if people don't have WindowsXP with the SP2 update, then they should
    use Firefox, or at least set all ActiveX to prompt. ActiveX was the biggest problem with
    IE, but it is getting better.

  25. #25
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    One good thing though is that Firefox has prompted MS to start developing IE7.. until Firefox started to eat into market share, they were happing to stick with IE6 forever.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

+ Reply to Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Just found this great firefox plugin...
    By MoneyBusiness in forum Midnight Cafe'
    Replies: 22
    Last Post: August 23rd, 2007, 08:59 AM
  2. Critical Firefox hole allows password theft
    By Trust in forum Midnight Cafe'
    Replies: 0
    Last Post: November 25th, 2006, 03:22 PM
  3. Firefox extension allows analytics to be viewed in firefox.
    By jrb16915 in forum Rakuten LinkShare - LS
    Replies: 3
    Last Post: November 9th, 2005, 04:09 PM
  4. Security Flaw in Firefox
    By waybar in forum Midnight Cafe'
    Replies: 9
    Last Post: February 14th, 2005, 10:51 AM
  5. Yet Another Microsoft Flaw
    By Dynamoo in forum Midnight Cafe'
    Replies: 0
    Last Post: February 10th, 2004, 03:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •