DailyApps: Firefox Security Threat – Google is vulnerable
Thilak
· 2 years ago
The problem is not with Firefox. IE has bugs, but most of them are still not discovered. In the open source community, bugs will be discovered as soon as it releases
Z@ck
· 2 years ago
Is this about IE of firefox @Thilak??
Use a seperate forum to yarp abt IE. Atleast when M/soft gets a bug alert if patches
If the Moz folks knew abt this and they didnt patch..thats a bad thingie to be doing to the fans out there..
RMD
· 2 years ago
Thilak - what do you mean the problem is not with Firefox? Of course it is.
As far as IE having bugs... of course it does, all reasonably complex software has bugs.
But IE 7 on Vista (with Protected Mode) is probably the safest way to browse the web. There has not been a SINGLE exploit that can target a user using IE 7/Protected Mode.
Julio Biason
· 2 years ago
I was thinking: to know what to do with a JAR file, Firefox needs the Java plugin; without it, Firefox would show you the options to select an application to open it or save it to disk.
So... isn't it a Java security flaw instead?
donnie
· 2 years ago
thilak, did i read the same article as you? how is the problem not with firefox? what does this have to do with ie? from what i read, it seems there is indeed a problem with firefox and mentions nothing about ie.
shortshire
· 2 years ago
There will always be bugs for open source products, but with the bugs come a giant community of people to willing to fix it. The firefox community has a massive amount of developers creating new apps for it all the time. IE has more bugs than any browser, phishing sites exploit these flaws because IE is the default browser in Windows.
Karthik Kastury
· 2 years ago
Yes indeed the problem is with Firefox. Regarding the security of IE, there is nothing much to say, we all know how secure it is don't we!
The problem with Firefox is that is Open Source. It's both a boon as well as a bane for Mozilla. By being OpenSource its got a huge population of developers who are ready to fix anything that pops up, but at the same time not the safest code is produced during development.
I hope Mozilla fixes this bug as soon as possible, because this is quite serious.
Steven
· 2 years ago
"It's not a bug; it's a feature."
Anyways, everything has bugs. It seems people have hopped on the latest bandwagon of hating anything Microsoft puts out. The original reason for hating Microsoft is its corruption and business ethics, not the security flaws.
That's not the topic here, though. Mozilla Firefox, as well ripped off as it is by Microsoft, has become a popular web browser, which means it's going to be a target for crackers. Windows is a target, not because it's easy, but because the majority of people use Windows. It would be just as easy to build viruses and exploits for Linux (trust me, it is), but not as many people use it.
Since Firefox has become a popular browser, and thus a target, in my opinion, they should remove the open source platform and only let legitimate people make bug fixes. Of course, that will cut down the amount of updates and what-not, but it will also make it take a little bit more time to find exploits.
Don't get me wrong, I support open source all the way, but it is a security risk, and a security risk from hell with that. Besides, from what I read, it's generally the user downloading something they're not supposed to, are activating a control for an unknown or untrustworthy source, so in actuality, it's their fault.
Consider these the ramblings of an incoherent game designer, though.
Z@CK THINKS HE KNOWS
· 2 years ago
Zack, you obviously know nothing about Microsoft's legacy of completely ignoring security exploits.
He may be complaining in the wrong forum about it but if you're going to call him out on it at least be RIGHT. XD
MrX_TLO
· 2 years ago
Java is crap. It's not portable and it's not secure. It's slow and eats all our RAM.
Steve
· 2 years ago
"""This exploit was known to Mozilla for quite sometime and hasn’t still patched it. Given that this vulnerability affects both Google and Firefox lets see who gets this patched first.""""
Surely having Java turned off would work as protection as well? (Since I've yet to find one decent use for Java, and fortunately my bank doesn't use it.)
Jesse McNelis
· 2 years ago
The problem sounds like it's a problem with how firefox handles plugins. i.e the Java plugin. I imagine it might be difficult to fix if it requires breaking support for all the existing plugins.
Spht
· 2 years ago
But by default, NoScript allows scripts to be executed from Google ...
bruckwine
· 2 years ago
damn... *goes off to install NoScript*
BillIsGay
· 2 years ago
Just don't download anything God Damit!!!!! and make sure don't let firefox unzip anything that you have downloaded. Plus uninstall those addons and use firefox like any other web browser.
Myztry
· 2 years ago
Nothing compares to that spit dribbling certifiably insane Microsoft idea of allowing ActiveX code to run based on a yes/no/install response. Since the hijacking of the Browser market, developers have been required to implement stupid ill-conceived functionality in the name of compatibility. Microsoft has been a leader in the same manner as George Bush. There's just no distinguishing them from the enemy.
Francesco Vaj
· 2 years ago
there is definite trend right now toward relaxing browser and dom security restrictions
it's called web 2.0
soon hacker will be able to change one little image or embed on one little website and this will lead to thousands of client users with widgets on their desktop or phone that subscribe to feeds of feeds of feeds of widgets of scrapes of feeds of mirrors of a repost of that image on a social networking site post in a completely unrelated news article where the top commenter of the story uses the altered image/link as his avatar having the entire content of their gmail yahoo live ebay warcraft and digg accounts forwarded to a single hacker email address.
Karthik Kastury said "The problem with Firefox is that is Open Source. It’s both a boon as well as a bane for Mozilla. By being OpenSource its got a huge population of developers who are ready to fix anything that pops up, but at the same time not the safest code is produced during development."
So Open Source software is less secure? I starting to seriously question this blog as this is a statement of pure stupidity.
Dave Nofmeister
· 2 years ago
First, I wanted to say THANKS for the heads up on Firefox!
Also, I don't see what the big debate is. All programs will have security holes at some point. All Firefox has to do is to work on having the best browser out there!
Steve
· 2 years ago
""""Steve
“”"This exploit was known to Mozilla for quite sometime and hasn’t still patched it. Given that this vulnerability affects both Google and Firefox lets see who gets this patched first.”"”"
Bug 369814 is now marked fixed so Firefox 2.0.0.10 will have the fix.
DeusExVerra
· 2 years ago
Fixed in Firefox 2.0.0.10: "MFSA 2007-37 jar: URI scheme XSS hazard" (among other things)
No longer an issue apparently. This sounds more like a fault of Java/User ignorance or carelessness than it does Mozilla if you ask me. I don't see why Java is still in active development. From the perspective of a web developer and a net surfer, its a waste. Eats ram, slow as hell, doesn't perform any real task that can't be accomplished without it (and it can usually be accomplished FASTER without Java). And then there's all the JRE's and crap that take up disk space.
Such a waste. NoScript, Adblock, and the All-in-One Sidebar are definitely the best FFox Extensions out there. (Ffox Extension Backup and IeTab also deserve mention). NoScript is a bit of pain to set up at first, but after you've established a decent "whitelist" It's painless :)
All Comments
Use a seperate forum to yarp abt IE. Atleast when M/soft gets a bug alert if patches
If the Moz folks knew abt this and they didnt patch..thats a bad thingie to be doing to the fans out there..
As far as IE having bugs... of course it does, all reasonably complex software has bugs.
But IE 7 on Vista (with Protected Mode) is probably the safest way to browse the web. There has not been a SINGLE exploit that can target a user using IE 7/Protected Mode.
So... isn't it a Java security flaw instead?
The problem with Firefox is that is Open Source. It's both a boon as well as a bane for Mozilla. By being OpenSource its got a huge population of developers who are ready to fix anything that pops up, but at the same time not the safest code is produced during development.
I hope Mozilla fixes this bug as soon as possible, because this is quite serious.
Anyways, everything has bugs. It seems people have hopped on the latest bandwagon of hating anything Microsoft puts out. The original reason for hating Microsoft is its corruption and business ethics, not the security flaws.
That's not the topic here, though. Mozilla Firefox, as well ripped off as it is by Microsoft, has become a popular web browser, which means it's going to be a target for crackers. Windows is a target, not because it's easy, but because the majority of people use Windows. It would be just as easy to build viruses and exploits for Linux (trust me, it is), but not as many people use it.
Since Firefox has become a popular browser, and thus a target, in my opinion, they should remove the open source platform and only let legitimate people make bug fixes. Of course, that will cut down the amount of updates and what-not, but it will also make it take a little bit more time to find exploits.
Don't get me wrong, I support open source all the way, but it is a security risk, and a security risk from hell with that. Besides, from what I read, it's generally the user downloading something they're not supposed to, are activating a control for an unknown or untrustworthy source, so in actuality, it's their fault.
Consider these the ramblings of an incoherent game designer, though.
He may be complaining in the wrong forum about it but if you're going to call him out on it at least be RIGHT. XD
It may be fixed very soon as https://bugzilla.mozilla.org/show_bug.cgi?id=40... is patched on the mozilla1.8 branch (<behind Firefox 2.0.0.*) as Bug 369814 depended on 403331.
i.e the Java plugin.
I imagine it might be difficult to fix if it requires breaking support for all the existing plugins.
Since the hijacking of the Browser market, developers have been required to implement stupid ill-conceived functionality in the name of compatibility.
Microsoft has been a leader in the same manner as George Bush. There's just no distinguishing them from the enemy.
it's called web 2.0
soon hacker will be able to change one little image or embed on one little website and this will lead to thousands of client users with widgets on their desktop or phone that subscribe to feeds of feeds of feeds of widgets of scrapes of feeds of mirrors of a repost of that image on a social networking site post in a completely unrelated news article where the top commenter of the story uses the altered image/link as his avatar having the entire content of their gmail yahoo live ebay warcraft and digg accounts forwarded to a single hacker email address.
can you understand hacking in 2007? we can: http://xssworm.com
So Open Source software is less secure? I starting to seriously question this blog as this is a statement of pure stupidity.
Also, I don't see what the big debate is. All programs will have security holes at some point. All Firefox has to do is to work on having the best browser out there!
“”"This exploit was known to Mozilla for quite sometime and hasn’t still patched it. Given that this vulnerability affects both Google and Firefox lets see who gets this patched first.”"”"
It may be fixed very soon as https://bugzilla.mozilla.org/show_bug.cgi?id=40... is patched on the mozilla1.8 branch (<behind Firefox 2.0.0.*) as Bug 369814 depended on 403331.""""
Bug 369814 is now marked fixed so Firefox 2.0.0.10 will have the fix.
"MFSA 2007-37 jar: URI scheme XSS hazard"
(among other things)
No longer an issue apparently. This sounds more like a fault of Java/User ignorance or carelessness than it does Mozilla if you ask me. I don't see why Java is still in active development. From the perspective of a web developer and a net surfer, its a waste. Eats ram, slow as hell, doesn't perform any real task that can't be accomplished without it (and it can usually be accomplished FASTER without Java). And then there's all the JRE's and crap that take up disk space.
Such a waste. NoScript, Adblock, and the All-in-One Sidebar are definitely the best FFox Extensions out there. (Ffox Extension Backup and IeTab also deserve mention). NoScript is a bit of pain to set up at first, but after you've established a decent "whitelist" It's painless :)