‘Highly critical’ Firefox updates
p2pnet.net News:- Mozilla says there are ‘several’ fixes its Firefox 1.0.5 security update.
In fact, there’s a bunch – a dozen, to be exact – and Secunia describes the “Multiple vulnerabilities” as “highly critical”.
- MFSA 2005-56 Code execution through shared function objects
- MFSA 2005-55 XHTML node spoofing
- MFSA 2005-54 Javascript prompt origin spoofing
- MFSA 2005-53 Standalone applications can run arbitrary code through the browser
- MFSA 2005-52 Same origin violation: frame calling top.focus()
- MFSA 2005-51 The return of frame-injection spoofing
- MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
- MFSA 2005-49 Script injection from Firefox sidebar panel using data:
- MFSA 2005-48 Same-origin violation with InstallTrigger callback
- MFSA 2005-47 Code execution via “Set as Wallpaper”
- MFSA 2005-46 XBL scripts ran even when Javascript disabled
- MFSA 2005-45 Content-generated event vulnerabilities
Mozilla recommends that, “ all users upgrade to this latest version”.
Something you think we should know? tips[at]p2pnet.net
July 13th, 2005 at 7:03 pm
Jeez, I’ve been hearing all this “use Firefox, it’s more secure” stuff. Was that all just hype? Or were they just fooling themselves…
Prolly still better than IE even unpatched.
July 13th, 2005 at 8:37 pm
Firefox has moved into the mainstream, and users are going to find problems. It’s akin to looking at a car on the lot, and driving it. You’ll never notice a lot of problems if the device is in a static state.
Granted, it doesn’t seem to have as many as IE. That would seem to be in it’s favor.
July 13th, 2005 at 10:13 pm
There is not much point trying to exploit any applications security flaws when there aren’t many people using it. Now that Firefox is commanding a sizable share of the browser market, of course people are going to take more interest in discovering and exploiting any security weaknesses. Unfortunately.
July 14th, 2005 at 12:13 am
Microsucks is a victim of its own successes. By taking over everything it could and leaving the public little in the line of choices; it did no favors to the public. Little development goes into a dead-end. While microsucks has the 90% or better lead in folks around the world using its product, that also means that crackers and virii writers have a 90% or better chance of finding a file to attach their little malwares to.
People are getting fed up with the spyware, adware, malware, and all the other little nasties out there on the net. They are looking for other things that are more secure without having to go through major learning curves to do so. As was pointed out in other posts, the more that go to other products, the more the rewards for those that are willing to intrude on your privacy if they make the crack.
Myself, I went to linux. My browser can imitate IE, OSX, Mozilla, Opera, Lynx, Wget, Netscape, or Safari when it reports what browser I am using. It is none of the above but that is the message the website gets when trying to install the cookies that I don’t allow to load or hidden toolbars (that don’t get installed) or spyware. Nor do I allow it to report what OS I am using as an extra precaution. Windoze doesn’t allow you that flexibility and so you are stuck with what you have.
This is not really a fanboy post for another OS but only to point out that I made the move because I am fed up with just such continual updates because of constant needing of security tightening. Not many will want to learn a new OS, thinking that it is too complicated. I have no problems with that. The less that use linux, the more secure for the rest of us.