Firefox JavaScript Vulnerability

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Bill Sanderson posted the following in a different thread:

There is no safe haven:
http://isc.sans.org/diary.php?storyid=1751

See also:
http://news.com.com/2100-1002_3-6121608.html

Tim recommends using the "NoScript" extention if you are not already using it:
https://addons.mozilla.org/firefox/722/

AND turning off JavaScript in general unless you really need it Until this
issue is addressed.

"Malware,
It's not just for Microsoft anymore !"

?:-(
Tim
Geek w/o Portfolio
Tantum suspiciosissimi supersunt
 
Tim

This is an interesting development. I recently saw a program in which the
question was asked. Why do MS operating systems and applications have so many
security vulnerabilities? Answer. Because the vast majority of the worlds
computer users use MS OSs and products. Malaware writers would not be able to
inflict the same havoc by attacking other less popular OSs and applications.
Guess thats easy enough to figure out. What is interesting now is that, as
computer users turn their attention to other products so are the malaware
writers. Which of course, seems to bear out the theory of both the program
and Bills comment. "There is no safe haven."

Stu
 
Seems like it might be harder to exploit than first thought

"Early Monday, Window Snyder, the new security chief of Mozilla, said her
team had been unable to produce more than a browser crash with the exploit
code. "Even though Mischa hasn't been able to achieve code execution, we
still take this issue seriously," Snyder said in an accompanying message on
the developer center site. "We will continue to investigate." "

?:-)
Tim
Geek w/o Portfolio,
and who will never wear a Black Hat.
 
Indeed--there were two presenters of this issue at a conference, and
apparently they were intending to provide some light relief, rather than a
serious vuln disclosure. So--this may not be as significant an issue as was
originally portrayed in the press--but I don't think this changes the way
I'd think of it. There are similar discussions around the security of MacOS
vs Windows--nothing is perfect.

--
 
Back
Top