Firefox 2.0.0.5 has been released - Page 2

Trotter · 07-19-2007, 10:32 AM

Quote:

thx. yeah, java was the only thing that it didn't fix. how did you fix it it, trotter?

Haven't bothered to fix it yet. I was going to use NTT to force it. Did it not work?

Osiris · 07-23-2007, 02:09 PM

Password Vulnerability In Firefox 2.0.0.5

All you Firefox users out there should be aware of this recently discovered password vulnerability in Firefox 2.0.0.5. Hit the link for all the details.

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords.

Vormund · 07-23-2007, 03:10 PM

Quote:

Originally Posted by Warez Monster

Password Vulnerability In Firefox 2.0.0.5

All you Firefox users out there should be aware of this recently discovered password vulnerability in Firefox 2.0.0.5. Hit the link for all the details.

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords.

Who doesn't use NoScript? (Allow javascript on a site-by-site basis.) No problem.

They say they're "discussing" removing the password feature...hah, that would suck. Patch it and move on...!

macdawg · 07-23-2007, 08:49 PM

no script is a real inconvenience though, cripples the browser

EricB · 07-23-2007, 08:53 PM

Quote:

Originally Posted by macdawg

no script is a real inconvenience though, cripples the browser

no it don't. you allow the scripts on trusted sites

Osiris · 07-25-2007, 07:05 AM

The Mozilla Foundation acknowledged over the weekend that its own Firefox browser allows links that can send malicious code to external programs, a security issue that the group had previously argued should be fixed by the browser maker.
In early July, three researchers found a way to execute code in Firefox - and potentially other Windows programs - by passing it a malicious uniform resource identifier (URI) from Internet Explorer.

The discovery lit off a firestorm of finger pointing: The Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program.
Over the weekend, another researcher discovered that Mozilla Firefox has the same security issue. The Mozilla Foundation acknowledged the problem on Monday.
"We thought this was just a problem with IE," Mozilla's chief security officer Window Snyder said in a blog post. "It turns out, it is a problem with Firefox as well."
In the latest versions of their products, Microsoft and the Mozilla Foundation have focused on security. In Internet Explorer 7, Microsoft added anti-phishing features, the ability to run in protected mode on its latest operating system, Windows Vista, and severely culled problematic ActiveX controls. In Firefox 2.0, the Mozilla Foundation also added anti-phishing features and the ability to clear private data.
Mozilla is now looking into the issue to determine its response to the problem.

Dio1080 · 07-25-2007, 11:35 AM

All this talk is telling me not to update until the time is right.

Osiris · 07-27-2007, 09:51 AM

Mozilla Flaw Attack Code Published

According to InfoWorld, Mozilla is working on a patch for its Firefox browser after a hacker posted details of a flaw that could let intruders run unauthorized software on a victim's machine.

The flaw lies in Firefox's URL handler component, which was the source of another bug Mozilla disclosed Tuesday. This second flaw was disclosed Tuesday by Billy Rios and Nathan McFeters, security consultants with VeriSign and Ernst & Young, respectively. Like the first flaw, this one could be exploited by attackers to launch programs on the victim's PC without authorization.

macdawg · 07-28-2007, 09:15 AM

"no it don't. you allow the scripts on trusted sites"

which is a time consuming inconvenience, i visit about 15 sites a day, and run ccleaner a couple times a week, which means I'd constantly be deciding which scripts to run making it more trouble than its worth.

Trotter · 07-28-2007, 08:02 PM

CCleaner does not affect permissions in NoScript. I love using NoScript, as it gives me an extra layer of protection when surfing.

07-23-2007, 02:09 PM	#12 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 24,780	Re: Firefox 2.0.0.5 has been released Password Vulnerability In Firefox 2.0.0.5 All you Firefox users out there should be aware of this recently discovered password vulnerability in Firefox 2.0.0.5. Hit the link for all the details. According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. __________________ www.MasterB365.com www.MasterB-Outdoors.com

07-23-2007, 08:49 PM	#14 (permalink)
macdawg Ultra Techie Join Date: Mar 2005 Posts: 788	Re: Firefox 2.0.0.5 has been released no script is a real inconvenience though, cripples the browser

07-25-2007, 07:05 AM	#16 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 24,780	Re: Firefox 2.0.0.5 has been released The Mozilla Foundation acknowledged over the weekend that its own Firefox browser allows links that can send malicious code to external programs, a security issue that the group had previously argued should be fixed by the browser maker. In early July, three researchers found a way to execute code in Firefox - and potentially other Windows programs - by passing it a malicious uniform resource identifier (URI) from Internet Explorer. The discovery lit off a firestorm of finger pointing: The Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program. Over the weekend, another researcher discovered that Mozilla Firefox has the same security issue. The Mozilla Foundation acknowledged the problem on Monday. "We thought this was just a problem with IE," Mozilla's chief security officer Window Snyder said in a blog post. "It turns out, it is a problem with Firefox as well." In the latest versions of their products, Microsoft and the Mozilla Foundation have focused on security. In Internet Explorer 7, Microsoft added anti-phishing features, the ability to run in protected mode on its latest operating system, Windows Vista, and severely culled problematic ActiveX controls. In Firefox 2.0, the Mozilla Foundation also added anti-phishing features and the ability to clear private data. Mozilla is now looking into the issue to determine its response to the problem. __________________ www.MasterB365.com www.MasterB-Outdoors.com Last edited by Warez Monster; 07-25-2007 at 07:14 AM.

07-25-2007, 11:35 AM	#17 (permalink)
Dio1080 True Techie Join Date: Jan 2007 Location: Cherryville, NC Posts: 185	Re: Firefox 2.0.0.5 has been released All this talk is telling me not to update until the time is right. __________________ Can't really say much with only 8 lines.

07-27-2007, 09:51 AM	#18 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 24,780	Re: Firefox 2.0.0.5 has been released Mozilla Flaw Attack Code Published According to InfoWorld, Mozilla is working on a patch for its Firefox browser after a hacker posted details of a flaw that could let intruders run unauthorized software on a victim's machine. The flaw lies in Firefox's URL handler component, which was the source of another bug Mozilla disclosed Tuesday. This second flaw was disclosed Tuesday by Billy Rios and Nathan McFeters, security consultants with VeriSign and Ernst & Young, respectively. Like the first flaw, this one could be exploited by attackers to launch programs on the victim's PC without authorization. __________________ www.MasterB365.com www.MasterB-Outdoors.com

07-28-2007, 09:15 AM	#19 (permalink)
macdawg Ultra Techie Join Date: Mar 2005 Posts: 788	Re: Firefox 2.0.0.5 has been released "no it don't. you allow the scripts on trusted sites" which is a time consuming inconvenience, i visit about 15 sites a day, and run ccleaner a couple times a week, which means I'd constantly be deciding which scripts to run making it more trouble than its worth.

07-28-2007, 08:02 PM	#20 (permalink)
Trotter Admin Das BanHammer Join Date: Jan 2005 Location: The South Posts: 14,411	Re: Firefox 2.0.0.5 has been released CCleaner does not affect permissions in NoScript. I love using NoScript, as it gives me an extra layer of protection when surfing. __________________ *-Das Banhammer-* DFI LanParty UT nF4 SLI-D - AMD Athlon X2 4200+ w/ Zalman CNPS9500 2GB (2x1 GB) G.SKILL ZS Razer Lachesis - ATI 3850 w/Accelero S1

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Critical Security Flaw Discovered In IE & Firefox	Osiris	Browser & General Internet Questions	6	07-18-2007 08:04 PM
Hacking Firefox via Add-Ons	Osiris	Browser & General Internet Questions	9	06-01-2007 06:11 PM
Firefox 3 Alpha 4 has been released	Osiris	Windows Operating Systems and Software	4	04-29-2007 09:57 AM
Firefox Also Vulnerable To .ANI Exploits	Osiris	Browser & General Internet Questions	1	04-06-2007 12:14 PM
Bookmarks in Firefox !	weswes	Browser & General Internet Questions	2	04-06-2007 12:07 PM