oops ... FF in trouble from zero-day flaw also

muckshifter · Oct 3, 2006

Is there any point in going on the Internet anymore?

OK, full story here ...

http://news.com.com/2100-1002_3-6121608.html

:rolleyes:

... now there is a simple "fix" if you are using Firefox, just go and install this Extention ...

http://www.noscript.net/getit

http://www.noscript.net/whats

http://www.noscript.net/screenshots

oh, and this "bug" affects Macs & Linux also. :rolleyes:

muckshifter · Oct 3, 2006

...

Quick update ... well I do take my posts seriously in this forum.

http://developer.mozilla.org/devnew...e-possible-vulnerability-reported-at-toorcon/

We got a chance to talk to Mischa Spiegelmock, the Toorcon speaker that reported the potential javascript security issue referenced earlier. He gave us more code to work with and also made this statement and agreed to let me post it here:

The main purpose of our talk was to be humorous.

As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.

I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

I apologize to everyone involved, and I hope I have made everything as clear as possible.

Sincerely,

Mischa Spiegelmock

Even though Mischa hasn’t been able to achieve code execution, we still take this issue seriously. We will continue to investigate.

-Window Snyder

... still, "No Script" is a good extention that does what it says on the tin ... worth an install anyway.

Ian · Oct 3, 2006

Nothing is truly safe I suppose

The problem is the little blighters who exploit these holes :user:

I'll download that extension now if it's useful

itsme · Oct 3, 2006

Thank you! works a treat > :wave:

Sir Mucks!

Anon_F · Oct 3, 2006

Thanks Muckshifter

crazylegs · Oct 3, 2006

I knew it was too good to be true all along...Nothing is truly safe 100%...

Abarbarian · Oct 3, 2006

Thanks for the link . Its always better to be safe than sorry

Abarbarian · Oct 3, 2006

Ermm how do you get rid of the annoying info bar at the bottom of the screen after you have downloaded this software .

muckshifter · Oct 3, 2006

Abarbarian said:
Ermm how do you get rid of the annoying info bar at the bottom of the screen after you have downloaded this software .

RTFM

http://www.noscript.net/screenshots#opt1

Have a look in "appearance" (under options) and tick or un-tick the little boxes.

WinkingPig · Oct 4, 2006

This might be of some use to update you on the situation;

http://www.eweek.com/article2/0,1895,2023762,00.asp

Abarbarian · Oct 4, 2006

Thanks Muckshifter

Whats RTFM ???

oops ... FF in trouble from zero-day flaw also

muckshifter

I'm not weird, I'm a limited edition.

muckshifter

I'm not weird, I'm a limited edition.

Ian

itsme

Anon_F

crazylegs

Member Extraordinaire

Abarbarian

Acruncher

Abarbarian

Acruncher

muckshifter

I'm not weird, I'm a limited edition.

WinkingPig

Abarbarian

Acruncher