Guild Wars Forums - GW Guru
 
Forums Guild Wiki PvX Wiki
 

Go Back   Guild Wars Forums - GW Guru > Forest of True Sight > Technician's Corner
Reload this Page Firefox vulnerability could cause remote code excecution
Register FAQ Calendar Mark Forums Read

Notices

Closed Thread
Page 1 of 3 1 23 >
 
Thread Tools Display Modes
Old Jul 15, 2009, 02:42 AM // 02:42   #1
Core Guru
 
Brett Kuntz's Avatar
 
Join Date: Feb 2005
Advertisement

Disable Ads
Default Firefox vulnerability could cause remote code excecution
Quote:
Title: Mozilla Firefox 3.5 Remote Code Execution Vulnerability
Severity: HIGH
Description:

Mozilla Firefox is a web browser available for various platforms.

Firefox is prone to a remote code-execution vulnerability due to an unspecified error. This issue arises during the processing of JavaScript and may present itself when certain string characters are escaped and subsequently copied to a buffer.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

The remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Microsoft Windows XP SP3.
Affected Products:

* Mozilla Firefox 3.5.0
http://www.juniper.net/security/auto...vuln35660.html

In 2007 and 2008 FireFox was the most vulnerable browser which had the most critical level security issues. It looks like it's on track to get the title for a 3rd straight year!

If you like a secure browser and one with a minimal plug-in footprint:

IE7 or IE8 + http://www.ie7pro.com = The way to go
Brett Kuntz is offline  
Old Jul 15, 2009, 03:18 AM // 03:18   #2
Guest
 
Join Date: Oct 2008
Default
Or, you know, just use noscript, like everyone who uses firefox does.
Killamus is offline  
Old Jul 15, 2009, 03:21 AM // 03:21   #3
Lion's Arch Merchant
 
Join Date: Feb 2008
Guild: Looking For TA Guild!
Profession: W/
Default
DONT get IE, just run no-script on firefox and your fine or get google crome.
The Air Revenger is offline  
Old Jul 15, 2009, 03:22 AM // 03:22   #4
Ascalonian Squire
 
Sindo's Avatar
 
Join Date: May 2008
Guild: West Kentshire Pony Club [Pony]
Profession: Me/
Default
LOLZ!

IE is worse than Firefox without noscript.
Sindo is offline  
Old Jul 15, 2009, 03:43 AM // 03:43   #5
Furnace Stoker
 
MisterB's Avatar
 
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
Default
http://noscript.net/

What JavaScript vulnerability?
MisterB is offline  
Old Jul 15, 2009, 03:44 AM // 03:44   #6
Desert Nomad
 
Braxton619's Avatar
 
Join Date: Jul 2008
Profession: A/W
Default
lmao IE has so many exploits is soooo funny... hahaahaha

btw firefox doesnt have many.. IE has tons and tons

Pretty much Firefox is unexploitable with No Script
Last edited by Braxton619; Jul 15, 2009 at 04:27 AM // 04:27..
Braxton619 is offline  
Old Jul 15, 2009, 06:17 AM // 06:17   #7
Furnace Stoker
 
Join Date: Oct 2006
Guild: GWAR
Profession: Me/Mo
Default
I use firefox and have done for a number of years noscript are two essentials for me.

I was completely sold on firefox the first time I crashed it
Came back after a reboot to the message firefox was unexpectedly shut down would you like to go back to the page you were on.

It remembered that page, all the other tabs and let me continue downloading a file from where I left off.
gremlin is offline  
Old Jul 15, 2009, 06:32 AM // 06:32   #8
Core Guru
 
Brett Kuntz's Avatar
 
Join Date: Feb 2005
Default
Quote:
Originally Posted by gremlin View Post
I use firefox and have done for a number of years noscript and adblock plus are two essentials for me.

I was completely sold on firefox the first time I crashed it
Came back after a reboot to the message firefox was unexpectedly shut down would you like to go back to the page you were on.

It remembered that page, all the other tabs and let me continue downloading a file from where I left off.
IE7/8 has always done that!
Brett Kuntz is offline  
Old Jul 15, 2009, 06:37 AM // 06:37   #9
Guest
 
Join Date: Oct 2008
Default
Quote:
Originally Posted by Kuntz View Post
IE7/8 has always done that!
Firefox has done that (At least on Linux) since IE5.

IE has a lot more holes, they're just patched faster then on Firefox.
Aside from the ease of use, that's the only difference.
Oh, and noscript, which stops 99% of the bugs that cause these anyways.
Killamus is offline  
Old Jul 15, 2009, 06:59 AM // 06:59   #10
Core Guru
 
Brett Kuntz's Avatar
 
Join Date: Feb 2005
Default
Quote:
Originally Posted by Killamus View Post
IE has a lot more holes, they're just patched faster then on Firefox.
But that is something you just made up and is not a fact. Firefox is the most vulnerable browser available to you, plug-ins or otherwise. It is amazing that if enough people lie in blogs about something, average people like you will believe it as fact, without ever doing your own research or asking any questions.

[LI] Firefox Security Superiority a Myth - Overclock.net - Overclocking.net

[INQ] Firefox fixes eight security flaws - Overclock.net - Overclocking.net

[TcMag] Mozilla Firefox comes up as most vulnerable application - Overclock.net - Overclocking.net

Quote:
Mozilla's popular internet browser Firefox has been recorded as the most vulnerable application amongst consumer software of 2007, says researchers from the Bit9. Both Firefox 2.x and Firefox 3.x were found to be open to attack from 40 well known severe vulnerabilities over the course of the 12 month analysis.
Quote:
There were 115 reported security vulnerabilities in Firefox last year [2008] -- almost twice as many as Internet Explorer and Apple's (Nasdaq: AAPL) Safari browser combined, according to a new report by the security researcher.
FireFox has 21% of the market share, but 50% of the security exploit share. It will get exponentially worse as the market share for FF increases.
Brett Kuntz is offline  
Old Jul 15, 2009, 07:01 AM // 07:01   #11
Ascalonian Squire
 
Koji Murasame's Avatar
 
Join Date: May 2009
Location: Kentucky
Guild: Knights of Ravens War [mvm]
Default
http://en.wikipedia.org/wiki/Compari...ulnerabilities

Yes, but you have to look at the whole picture. . .
Koji Murasame is offline  
Old Jul 15, 2009, 09:57 AM // 09:57   #12
Furnace Stoker
 
Join Date: Oct 2006
Guild: GWAR
Profession: Me/Mo
Default
Quote:
Originally Posted by Kuntz View Post
IE7/8 has always done that!
Really ?
Well sadly I jumped ship on IE years ago, they way I look at it is IE should be the best browser bar none and it isn't.
Windows media player should also be the best there is and it isn't.
Why ever not after all they are made by the people who wrote the operating system.

The only reason Microsoft make improvements is because everyone is deserting them for better options.
Then sometimes years later they catch up, if I use the alternatives I get the extras early.
Last edited by gremlin; Jul 15, 2009 at 09:59 AM // 09:59..
gremlin is offline  
Old Jul 15, 2009, 10:01 AM // 10:01   #13
Frost Gate Guardian
 
jackers1234's Avatar
 
Join Date: Jun 2006
Location: My House
Guild: N/A
Profession: Mo/Me
Default
i love firefox fanchildren, they provide me with much amusement =P

having said that, i do agree that firefox is ahead of ie interms of features and security.
jackers1234 is offline  
Old Jul 15, 2009, 11:40 AM // 11:40   #14
Guest
 
Join Date: Oct 2008
Default
Quote:
Originally Posted by Kuntz View Post
But that is something you just made up and is not a fact. Firefox is the most vulnerable browser available to you, plug-ins or otherwise. It is amazing that if enough people lie in blogs about something, average people like you will believe it as fact, without ever doing your own research or asking any questions.

[LI] Firefox Security Superiority a Myth - Overclock.net - Overclocking.net

[INQ] Firefox fixes eight security flaws - Overclock.net - Overclocking.net

[TcMag] Mozilla Firefox comes up as most vulnerable application - Overclock.net - Overclocking.net





FireFox has 21% of the market share, but 50% of the security exploit share. It will get exponentially worse as the market share for FF increases.
Out of all of the security flaws there, all of them were related to Javascript in some way. Which, if you're running noscript/adblock (As stated several times by myself, and every other person here defending FF) is a moot point. I honestly don't know why they don't release FF with noscript/adblock, it would make the browser so much more secure.

Also, I'll be petty here: At least Firefox is up to web standards.
http://en.wikipedia.org/wiki/Compari...rs#Acid_Scores
(Stupid wiki, I can't find the web browser standards comparison. I know it's there somewhere.)
Killamus is offline  
Old Jul 15, 2009, 03:55 PM // 15:55   #15
Technician's Corner Moderator
 
Tarun's Avatar
 
Join Date: Jan 2006
Location: The TARDIS
Guild: http://www.lunarsoft.net/ http://forums.lunarsoft.net/
Default
Never cared for NoScript. And with what they did with Adblock Plus, I'll never trust, use, or recommend them to anyone.

Why are people freaking out about vulnerabilities anyways? Nothing is secure or 100%. Firefox 3.5.1 is already in build 1 of the release candidate stage, posted earlier this morning.
Tarun is offline  
Old Jul 15, 2009, 03:59 PM // 15:59   #16
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/
Default
It will be interesting when Windows 7 comes along and people have to actually choose which browser to use.
__________________
Si non confectus, non reficiat
Snograt is offline  
Old Jul 15, 2009, 04:08 PM // 16:08   #17
So Serious...
 
Fril Estelin's Avatar
 
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
Default
Quote:
Originally Posted by Snograt View Post
It will be interesting when Windows 7 comes along and people have to actually choose which browser to use.
Most people won't choose: they'll use the one(s) they were using before, market shares haven't moved significantly in a while.

As Tarun said, FF is completely safe as it's a push-update, people will see the update window as soon as the patch is ready, which should be soon.
Last edited by Fril Estelin; Jul 15, 2009 at 04:21 PM // 16:21..
Fril Estelin is offline  
Old Jul 15, 2009, 05:03 PM // 17:03   #18
Alcoholic From Yale
 
Snow Bunny's Avatar
 
Join Date: Jul 2007
Guild: Strong Foreign Policy [sFp]
Default
If chrome looked like Firefox, I'd use chrome.

SORRY GUYS ILL STILL USE FIREFOX3.

Also safari is a mac product which means hipster which means sucka deez nutz.
Snow Bunny is offline  
Old Jul 15, 2009, 07:53 PM // 19:53   #19
Frost Gate Guardian
 
Rhododendron's Avatar
 
Join Date: Jun 2009
Profession: Rt/
Default
That's not nice Kuntz, as one of the "average people", i would have loved to see the links you posted as a well documented person, but they are broken.
Rhododendron is offline  
Old Jul 15, 2009, 08:34 PM // 20:34   #20
Core Guru
 
Brett Kuntz's Avatar
 
Join Date: Feb 2005
Default
Quote:
Originally Posted by Rhododendron View Post
That's not nice Kuntz, as one of the "average people", i would have loved to see the links you posted as a well documented person, but they are broken.
All links provided work, your work/school is blocking you if they do not, or you have a bunk internet connection.
Brett Kuntz is offline  
Closed Thread
Page 1 of 3 1 23 >

Share This Forum!  
 
 
           

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 05:23 AM // 05:23.

Contact Us - Guild Wars Guru - Archive - Privacy Statement - Top

Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("