flat assembler
Message board for the users of flat assembler.

Index > Heap > Firefox Fix Due Next Week After Attack Is Published

Goto page Previous  1, 2, 3, 4  Next
Author
Thread Post new topic Reply to topic
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
Apparently this flaw also existed on Windows and was fixed with today's security patch?

I have a feeling this is the same a-hole who released another vulnerability to the wind without letting the browser vendor know about it ahead of time so they could fix it.
Post 14 Jul 2009, 20:37
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
And I'm still using Firefox 3.0.11 so I may not need to worry about this Very Happy

drhowarddrfine, do you have some relevant link so I can change mine?
Post 14 Jul 2009, 20:40
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
LocoDelAssembly wrote:
public exploit exists (allows arbitrary code execution).
To be clear, exploits do NOT exist and none has been reported. Unless you mean the guy who discovered it released the method of doing it, yes, that's out there, and he's an @ss for doing so.
Post 14 Jul 2009, 20:40
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
LocoDelAssembly wrote:
drhowarddrfine, do you have some relevant link so I can change mine?
Change your what?
Post 14 Jul 2009, 20:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17248
Location: In your JS exploiting you and your system
revolution
drhowarddrfine wrote:
Change your what?
I think I would have to change my underwear if I was reading about JS exploits and I had JS enabled. Laughing

Oh, and I assume LocoDelAssembly was wanting to change his link?
Post 14 Jul 2009, 20:45
View user's profile Send private message Visit poster's website Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
Post 14 Jul 2009, 20:49
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
Please note that you must visit a web site that contains the malicious code. This is not something you would get by email or any other way.
Post 14 Jul 2009, 20:52
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17248
Location: In your JS exploiting you and your system
revolution
drhowarddrfine wrote:
Please note that you must visit a web site that contains the malicious code.
Why must I? I don' wanna. Crying or Very sad

Wink
Post 14 Jul 2009, 20:54
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Just to improve my English, how should I formulate the question?

About the topic: According to my source the exploit was released without notifying the vendor first (like the first vulnerability in this thread). It affects Windows only but they warned that not many modifications are required to make the exploit work in any platform.

[edit] Added the link to the first post about this new vulnerability. Thanks [/edit]


Last edited by LocoDelAssembly on 14 Jul 2009, 21:20; edited 1 time in total
Post 14 Jul 2009, 20:56
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
Your English is fine.

I'm just now hearing of this, not that anyone calls me on the phone to tell me. I'm less concerned about it than I originally thought. Like I said above, the code must be part of a web page for this to cause a problem so only problem web sites would bother to do this and no one here ever visits such places, do they?

I'm unsure of the patch being ready to go now. I thought I read it was but can't find my bookmark to the right mailing list (with my password) to see what they're talking about. (My dev computer is off and I'm not at home.)


Last edited by drhowarddrfine on 14 Jul 2009, 21:06; edited 1 time in total
Post 14 Jul 2009, 21:03
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
Actually, you might change this:

It affects Windows only but you are warned that....
Post 14 Jul 2009, 21:06
View user's profile Send private message Reply with quote
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
drhowarddrfine wrote:
Apparently this flaw also existed on Windows and was fixed with today's security patch?

I have a feeling this is the same a-hole who released another vulnerability to the wind without letting the browser vendor know about it ahead of time so they could fix it.


What patch? Firefox hasn't told me any updates are available.

_________________
----> * <---- My star, won HERE
Post 14 Jul 2009, 21:17
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

It affects Windows only but you are warned that....

I've applied this change but with a slight modification.
Post 14 Jul 2009, 21:22
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
windwakr wrote:

What patch? Firefox hasn't told me any updates are available.
As I said, a patch was completed but is being tested.
Post 14 Jul 2009, 22:37
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8867
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
maybe time for you guys to use opera? like myself? Razz Razz
Post 15 Jul 2009, 08:33
View user's profile Send private message Reply with quote
tom tobias



Joined: 09 Sep 2003
Posts: 1320
Location: usa
tom tobias
Gosh, since this, and similar threads have appeared here, I have tried firefox and opera, and I find, gasp, shock, dismay, horrors, that I still prefer IE 7.
Opera in particular, while very nice, has one feature that I dislike so much that I no longer use it. When I click on the desktop icon, Opera doesn't commence. Instead a prompt appears, asking me if I wish to get started. Wow. Terrible. What a waste of my time.
Firefox seemed ok, at first, but then, the favorites section was so muddled and cluttered, that I switched back to IE 7.
I tried IE 8, must have been a beta version, quite awful....

Probably most of my inconvenience is due to laziness to discover how to manipulate the user interface....IE 7 is simply more intuitive, I find. I know how, through trial and error, not by reading the manual!!!, to eliminate as much of the fluff as possible, for example some of the "bars", like menu bar, or "status bar".....I think there is even an "air bar" or some such nonsense... The other day I reinstalled win95. Wow is it fast....


Smile
Post 15 Jul 2009, 11:00
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8867
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
Quote:

Opera in particular, while very nice, has one feature that I dislike so much that I no longer use it. When I click on the desktop icon, Opera doesn't commence. Instead a prompt appears, asking me if I wish to get started. Wow. Terrible. What a waste of my time.

idk, but this doesn't happen to me.
after i double click, it open, and i start tying watever website i wanna go, of course, i tweak it somehow after the initial installation. eg. disable the speed dial, block bit torrent download, changing the Ctrl + N to new tab instead of new window. but thats all the tweak i did, after that, i use it. Smile perhaps.. like what you said,

Quote:

Probably most of my inconvenience is due to laziness to discover how to manipulate the user interface.


so, i guess the answer is in above sentence too. hehe Wink
Post 15 Jul 2009, 11:12
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
When I click on the desktop icon, Opera doesn't commence.

You mean the icon in quick-start area, which minimizes all windows? I never use that one, but it's keyboard shortcut (WIN + D) works fine with opera, at least for me.
Post 15 Jul 2009, 12:36
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
tom tobias wrote:
Gosh, since this, and similar threads have appeared here, I have tried firefox and opera, and I find, gasp, shock, dismay, horrors, that I still prefer IE 7.
Everything you mention has to do with the user interface. Most browsers are similar along those lines and that boils down to personal preference. However, Firefox is ultimately customizable and you can make it look and work like anything you want. There are some people who make it look/act like a Mac app.
Quote:

Probably most of my inconvenience is due to laziness to discover how to manipulate the user interface....IE 7 is simply more intuitive, I find. I know how, through trial and error, not by reading the manual!!!
Because you're used to it. Just like any new software, certain things you can figure out easy enough but the real power lies beneath what you are shown up front. For example, have you ever tried typing 'about:config' in the address bar? Are you aware of the Firefox Add-Ons site?
Post 15 Jul 2009, 15:45
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
Expect the update alert for the fix to show up this week sometime.
Post 16 Jul 2009, 03:58
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.