Javascript vulnerability in FireFox

Whatever...

Moderators: Víctor Paredes, Belgarath, slowtiger

Post Reply
User avatar
heyvern
Posts: 7042
Joined: Fri Sep 02, 2005 4:49 am

Javascript vulnerability in FireFox

Post by heyvern »

I just read about a new vulnerability in FF that effects ALL PLATFORMS... Win, Mac, Linux.

http://www.pocket-lint.co.uk/news.php?newsId=4979

Mozilla is looking at it but doesn't have a timeline for a fix. This is a nasty bugger that would allow a malicious website to cause some kind of buffer overun allowing someone to take control of a computer.

(Buffer overrun? Is that similar to a Buffy rerun?)

In the meantime you could turn off JS or instal this cool little dohicky:

http://www.noscript.net/

It allows you to block all JS from untrusted sites.

-vern
Last edited by heyvern on Mon Oct 02, 2006 3:17 pm, edited 1 time in total.
Top
Patmals
Posts: 551
Joined: Tue Aug 08, 2006 7:19 am
Location: Nagoya-shi, Japan

Post by Patmals »

Thanks mate!
Top
Patmals
Posts: 551
Joined: Tue Aug 08, 2006 7:19 am
Location: Nagoya-shi, Japan

Post by Patmals »

Heyvern,

the whole thing was a hoax / joke

http://www.betanews.com/article/Firefox ... 1159903320
Top
User avatar
Rasheed
Posts: 2008
Joined: Tue May 17, 2005 8:30 am
Location: The Netherlands

Post by Rasheed »

Nevertheless, it is wise to use NoScript on websites you don't know or trust. Running JavaScript (or whatever code) from an untrusted source is a potential security risk. With NoScript in FireFox (or Security Zones in MSIE), you can turn off scripting and selectively turn it on for websites you trust.

I should note that using these solutions are no final protecting against malware and hackers, because security is a process, not a state. If you want to learn more about computer security and how to keep your computer and local network safe, I suggest you listen to the Security Now! podcast.
Top
User avatar
heyvern
Posts: 7042
Joined: Fri Sep 02, 2005 4:49 am

Post by heyvern »

Patmals wrote:Heyvern,

the whole thing was a hoax / joke

http://www.betanews.com/article/Firefox ... 1159903320
Yeah I noticed that!
Pretty annoying if you ask me. I pride myself on avoiding hoaxes. I scold others when they send me hoaxes... no... I insult them... I belittle them... I tell them to check their sources, and now I got nailed by one.
:(

I think the press is responsible as much as the perpetrators. They pounded on this story since it first came out and no one really verified it. Maybe they have learned a lesson as well.

The FF team seem pretty... noncholant about the whole thing. I would be pretty pissed about this if I were them. A lot of people were switching to Opera during the fiasco.

I turned off my noscript... it got on my nerves. I only browse the web "randomly" with my Mac and never had any trouble.

The PC is not allowed to leave the house with out telling me exactly where it's going and who it is going with.
;)

-vern
Top
Post Reply

Return to “Miscellaneous Chit-Chat”