Critical Firefox Flaw discovered *update: it's a hoax

[ForumMaster]

By Shawns request:

It's a hoax. srry for getting you all worried and stuff. after is was, for atleast two days, posted in google news, i assumed it was legit news. apparently not. ass effowe pointed out, it's actually a hoax.


Link

Chicago (IL) - According to media reports, a pair of hackers said on Saturday that the Firefox Web browser, commonly perceived as the safer and more customizable alternative to market leader Internet Explorer, is critically flawed. A presentation on the flaw was shown during the ToorCon hacker conference in San Diego.

The hackers claim that anyone running Firefox could be a victim of the flaw, which is related to the browser's handling of the Internet language JavaScript. Reportedly, someone could create a Web page with malicious JavaScript code that would specifically affect computers running Firefox browsers. The hackers, Mischa Spiegelmock and Andrew Wbeelsoi, claim that this could lead to remote control of any affected computer, including Windows, Apple, and Linux systems.



Spiegelmock reportedly said that the JavaScript implementation is a "complete mess" and that it is "impossible to patch." Upon watching a video of the presentation, Window Synder, Mozilla's security chief, said that this issue appears to be a "real vulnerability".

Reportedly, Snyder is also understandably upset about the public flow of this information, claiming that the details presented during the conference almost completely show how one could exploit the flaw. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," she said.

Jesse Ruderman, another member on the Mozilla security staff, persuaded hackers to disclose any potential security holes via their "bug bounty" program, instead of maliciously exploiting them for hijacking vulnerable computers. Mozilla's bug-reporting system gives $500 to anyone who reports a vulnerability to the Firefox staff.

Firefox was originally introduced as an alternative to Internet Explorer, the browser that has long been known for easy exploiting and distribution of worms and viruses. Because Microsoft's browser contains such an enormous userbase, it has always remained the main target for hackers. However, Firefox's audience has been growing and it is becoming a viable target for hackers.

this seems bad. is it just FF that's effected? maybe a good time for my great friend Opera to steal some marketshare?

 

[rudder]

just stick with ATOT and you will be okay. Its got news, stuff to read when you bored, and if your quick enough... the occasional porn.

 

[ForumMaster]

i suppose. not that i surf bad sites, but even good sites can be hacked. Fusetalk.net was hacked once. if they hack some creible site and insert the code, it could be bad.

 

[nakedfrog]

I'd question the statement that it's "impossible to patch."

 

[SaltBoy]

NoScript FTW!

Although if the code gets put into a credible site, I'm screwed.

 

[eits]

[sarcasm]omg, really?!?! a firefox bug!?!?! no way!!![/sarcasm]

 

[Nik]

It's only a matter of time before Opera starts getting targetted by people who are looking for cracks in security. The cracks are there, just haven't been found yet.

 

[Aharami]

Window Synder

wtf kinda name is that? why would anyone name their child Window?

 

[Alex]

read the full article and feedback here... http://www.betanews.com/article/Alleged_Unfixable_Exploit_in_Firefox/1159803553

this thing is blown way out of proportion. read the responses from the ppl who found the bug and from mozilla team.

 

[ForumMaster]

Originally posted by: GuideBot
It's only a matter of time before Opera starts getting targetted by people who are looking for cracks in security. The cracks are there, just haven't been found yet.

not really. even the percent of mac user is higher. Opera is about 1 percent if not less.

 

[MaxDepth]

I'll wait till it hits /.

 

[Jawo]

Originally posted by: eits
[sarcasm]omg, really?!?! a firefox bug!?!?! no way!!![/sarcasm]

thats what I was thinking...its a game of numbers

/waiting for viruses to come out and infect ipods/macs as they increase in popularity

 

[loup garou]

Originally posted by: MaxDepth
I'll wait till it hits /.

Text

 

[Nik]

Originally posted by: ForumMaster

Originally posted by: GuideBot
It's only a matter of time before Opera starts getting targetted by people who are looking for cracks in security. The cracks are there, just haven't been found yet.

not really. even the percent of mac user is higher. Opera is about 1 percent if not less.

You totally missed my point.

 

[eits]

firefox sucks, people.

 

[nakedfrog]

Originally posted by: eits
firefox sucks, people.

:roll:

 

[eits]

Originally posted by: nakedfrog

Originally posted by: eits
firefox sucks, people.

:roll:

what? it does. it used to not suck. now, it does.

i can't press ' or / without having the firefox search prompt pop up.

sometimes, the cursor will move back a space while i'm typing (a new development).

fvck that browser.

 

[ForumMaster]

Originally posted by: GuideBot

Originally posted by: ForumMaster

Originally posted by: GuideBot
It's only a matter of time before Opera starts getting targetted by people who are looking for cracks in security. The cracks are there, just haven't been found yet.

not really. even the percent of mac user is higher. Opera is about 1 percent if not less.

You totally missed my point.

no i got your point. yes as FF get's more popular it will become a bigger target. hope that next time, those idioctic hackers warn the FF team before showing the world how to do it.

 

[Pepsi90919]

Originally posted by: eits

Originally posted by: nakedfrog

Originally posted by: eits
firefox sucks, people.

:roll:

what? it does. it used to not suck. now, it does.

i can't press ' or / without having the firefox search prompt pop up.

sometimes, the cursor will move back a space while i'm typing (a new development).

fvck that browser.

THANK YOU. i thought i was the only one having that stupid fvcking problem.

 

[mugs]

Originally posted by: eits

Originally posted by: nakedfrog

Originally posted by: eits
firefox sucks, people.

:roll:

what? it does. it used to not suck. now, it does.

i can't press ' or / without having the firefox search prompt pop up.

sometimes, the cursor will move back a space while i'm typing (a new development).

fvck that browser.

You also have to use a hack to mitigate the effects of its memory leak. The other day it was using over 350 MB of RAM on my system! The only thing it really does for me is tabbed browsing. If IE6 had tabbed browsing, I'd use it because its google toolbar is better.

 

[Pepsi90919]

Originally posted by: ForumMaster
Link

Chicago (IL) - According to media reports, a pair of hackers said on Saturday that the Firefox Web browser, commonly perceived as the safer and more customizable alternative to market leader Internet Explorer, is critically flawed. A presentation on the flaw was shown during the ToorCon hacker conference in San Diego.

The hackers claim that anyone running Firefox could be a victim of the flaw, which is related to the browser's handling of the Internet language JavaScript. Reportedly, someone could create a Web page with malicious JavaScript code that would specifically affect computers running Firefox browsers. The hackers, Mischa Spiegelmock and Andrew Wbeelsoi, claim that this could lead to remote control of any affected computer, including Windows, Apple, and Linux systems.



Spiegelmock reportedly said that the JavaScript implementation is a "complete mess" and that it is "impossible to patch." Upon watching a video of the presentation, Window Synder, Mozilla's security chief, said that this issue appears to be a "real vulnerability".

Reportedly, Snyder is also understandably upset about the public flow of this information, claiming that the details presented during the conference almost completely show how one could exploit the flaw. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," she said.

Jesse Ruderman, another member on the Mozilla security staff, persuaded hackers to disclose any potential security holes via their "bug bounty" program, instead of maliciously exploiting them for hijacking vulnerable computers. Mozilla's bug-reporting system gives $500 to anyone who reports a vulnerability to the Firefox staff.

Firefox was originally introduced as an alternative to Internet Explorer, the browser that has long been known for easy exploiting and distribution of worms and viruses. Because Microsoft's browser contains such an enormous userbase, it has always remained the main target for hackers. However, Firefox's audience has been growing and it is becoming a viable target for hackers.

srry if repost. search sucks and i did search for anything i could think of.

this seems bad. is it just FF that's effected? maybe a good time for my good friend Opera to steal some marketshare?

reportedly, reportedly, reportedly, alleged. OK.

 

[dzammit]

All software has bugs, and none is fully "secure". As has been said so many times, security is a process, not a product. So I'm quite aware that Firefox has had security issues, and will have more in the future as sure as the sun rises. But the record so far with Firefox has been positive. Security issues are not common, but when they are found, they are openly discussed and fixed quickly.

 

[ForumMaster]

Originally posted by: mugs

Originally posted by: eits

Originally posted by: nakedfrog

Originally posted by: eits
firefox sucks, people.

:roll:

what? it does. it used to not suck. now, it does.

i can't press ' or / without having the firefox search prompt pop up.

sometimes, the cursor will move back a space while i'm typing (a new development).

fvck that browser.

You also have to use a hack to mitigate the effects of its memory leak. The other day it was using over 350 MB of RAM on my system! The only thing it really does for me is tabbed browsing. If IE6 had tabbed browsing, I'd use it because its google toolbar is better.

try opera. best browser. was the first with tabbed browsing. no extensions, but that's really FF only.

 

[eits]

Originally posted by: ForumMaster

Originally posted by: mugs

Originally posted by: eits

Originally posted by: nakedfrog

Originally posted by: eits
firefox sucks, people.

:roll:

what? it does. it used to not suck. now, it does.

i can't press ' or / without having the firefox search prompt pop up.

sometimes, the cursor will move back a space while i'm typing (a new development).

fvck that browser.

You also have to use a hack to mitigate the effects of its memory leak. The other day it was using over 350 MB of RAM on my system! The only thing it really does for me is tabbed browsing. If IE6 had tabbed browsing, I'd use it because its google toolbar is better.

try opera. best browser. was the first with tabbed browsing. no extensions, but that's really FF only.

tried it. it was buggy, too.

 

[ForumMaster]

Originally posted by: eits
tried it. it was buggy, too.

really? what version? yes they do release updates too. opera is currently version 9.02. v9 added a lot. try the new version.