Firefox Security Flaw "Impossible To Patch"

  • FrameShifter
    Confirmed User
    • Jan 2005
    • 1120

    #1

    Firefox Security Flaw "Impossible To Patch"

    Hackers detail Firefox flaw, calling the browser a "complete mess"
    Hacker conferences are so much fun. Case in point: San Diego's ToorCon conference on Saturday, when engineers Mischa Spiegelmock and Andrew Wbeelsoi (what names!) took the stage and called the increasingly popular Firefox Web browser a "complete mess." The duo detailed to the world a security flaw in Firefox, which afflicts the browser's handling of JavaScript. As if that weren't painful enough, Spiegelmock and Wbeelsoi also said the glitch was probably "impossible to patch."

    "Internet Explorer, everybody knows, is not very secure," said Spiegelmock. "But Firefox is also fairly insecure."

    Naturally, Firefox officials were none too happy, reports CNET. The hard-working people from the Mozilla Foundation, which manages Firefox, had hoped for a bit more discretion. Publicizing a Firefox insecurity hurts the browser's image as the safe, spam-free alternative to Microsoft's Internet Explorer. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," groused Window Snyder, head of security for Mozilla.

    Digg readers are having none of the Firefox bashing. When one posted: "It makes you wonder why people always say FF is the best browser," one reader was quick to fire back: "Maybe because each Firefox flaw is worthy of a news post, while Internet Explorer has so many that no one bothers to write about them anymore."

    http://money.cnn.com/blogs/browser/i...79456257268446
  • GrouchyAdmin
    Now choke yourself!
    • Apr 2006
    • 12085

    #2
    You'll find this due to the Netscape licensing for the Javascript engine. It's a hodgepodge of shit, and they were not allowed to make changes to it. AFAIK, they've been working on a complete code replacement.. at least, that's what the site has said for the past year or so..

    • madawgz
      8.8.8.8
      • Mar 2006
      • 30509

      #3
      what's the cliff notes?
      TAEMDLRMSKRJIXMRLSMRJ.

      • GrouchyAdmin
        Now choke yourself!
        • Apr 2006
        • 12085

        #4
        Originally posted by madawgz
        what's the cliff notes?
        lol open source lol

        • marzzo
          Confirmed User
          • May 2002
          • 2134

          #5
          Eh, Toorcon kicks ass (ya know I love ya G ;) but they're Mac-biased.

          Not that there's anything wrong with that, of course
          4 5 zero - 2 2 - nine nine nine

          • squishypimp
            PostMaster General
            • Aug 2006
            • 10781

            #6
            glad I use IE!

            • L-Pink
              working on my tan
              • Mar 2005
              • 39151

              #7
              Originally posted by squishypimp
              glad I use IE!
              remember, open EVERY email

              • SmokeyTheBear
                ►SouthOfHeaven
                • Jun 2004
                • 28609

                #8
                Originally posted by L-Pink
                remember, open EVERY email
                don't use IE for email, don't use Firefox for browsing ... problem solved..
                hatisblack at yahoo.com

                • Superterrorizer
                  Confirmed User
                  • Sep 2003
                  • 509

                  #9
                  Impossible to patch doesn't mean impossible to fix. Quite easily fixed/plugged in fact.
                  Two options off the top of my head:

                  1. Turn off javascript
                  2. Install the NoScript plugin and let only trusted sites execute js on your machine.

                  • SmokeyTheBear
                    ►SouthOfHeaven
                    • Jun 2004
                    • 28609

                    #10
                    Originally posted by Superterrorizer
                    Impossible to patch doesn't mean impossible to fix. Quite easily fixed/plugged in fact.
                    Two options off the top of my head:

                    1. Turn off javascript
                    2. Install the NoScript plugin and let only trusted sites execute js on your machine.
                    that's gonna make for some awfully boring browsing
                    hatisblack at yahoo.com

                    • DamageX
                      Marketing & Strategy
                      • Jun 2001
                      • 14293

                      #11
                      Originally posted by SmokeyTheBear
                      that's gonna make for some awfully boring browsing
                      Using the NoScript plugin here and haven't had a single problem, nor does it annoy me that it blocks shit. My work is much easier now, thanks to it.
                      Whitehat is for chumps

                      If you don't do it, somebody else will - true story!

                      • Ebola
                        Confirmed User
                        • Aug 2004
                        • 207

                        #12
                        So FF's head of security's name is "Window"?

                        • Tuga
                          Confirmed User
                          • Nov 2002
                          • 7678

                          #13
                          Safari rocks.

                          Go Fuck Yourself!
                          ICQ 101411627

                          • drjones
                            Confirmed User
                            • Oct 2005
                            • 908

                            #14
                            I remember back when Firefox (aka Phoenix) was released and had intended to be a "lightweight" bloat-free version of Mozilla. Supposed to be light and snappy, small and functional.

                            Even though it is incredibly useful (but only after adding the appropriate extensions), FF has long surpassed the bloated sluggishness of the original Mozilla. Seems like it's strayed far from its original goals.
                            ICQ: 284903372

                            • drjones
                              Confirmed User
                              • Oct 2005
                              • 908

                              #15
                              Turns out this whole thing was a hoax anyways.

                              http://digg.com/security/Claimed_Sec...ox_Just_A_Joke
                              ICQ: 284903372

                              • RawAlex
                                So Fucking Banned
                                • Oct 2003
                                • 9465

                                #16
                                At the end of the day, most viruses and security holes take advantage of IE because most of the surfers HAVE and USE IE. By using Firefox (or Opera) you are putting yourself in a much smaller group, a group much less likely to get targeted to start with.

                                That the so-called security hole is bullshit just makes me smile

                                Alex
