Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.
Earlier Tuesday, security researcher Thor Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia's Thomas Kristensen, chief technology officer, attributed the problem to Firefox versions 2.0 or later. "It's a little bit of both," said Oliver Friedrichs, director of Symantec's Security Response Center. "You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together."
News source: News.com

http://wiki.mozilla.org/Firefox:2.0.0.5
What ticks me off is that they ANNOUNCE the bug in PUBLIC, thus making hackers aware of the exploit so they try to use it ASAP before the new patch is issued.
Another thing is that they are being FORCED to accelerate the release of the patch rather than making sure that the patch is BUG FREE, if at all possible. I'd rather that the developers do a right job on a patch rather than a hastily done patch that could later result in more problems.
/off soap box
So you'd rather that the hackers already know about this and tell each other about it, but that the general public has no idea that they're in danger?
Either IE7 or Firefox 2.0+ is vulnerable.
For that reason, while I think this exploit is nasty, I think it'll largely end up not being exploited very much.
I ain't worried about this much myself since I almost never use IE besides for Windows updates pretty much.
But it's nice to know they're going to patch it ASAP.
i sure did with vista
What has that got to do with the vulnerability? The exploit happens when you browse using IE and have firefox installed.
Good for you. You have any idea the security holes you opened up in doing that?
Smooth move
Well ... if IE has been removed it can hardly be used for browsing, can it?
You did know that IE was separated from the Explorer shell in Vista didn't you? I guess not.
You don't need IE removed, just don't run it.
But if you really remove IE, you'll lose help, WMP, and many other features.
Completely removing IE is a bad paranoia that damages the system.
You mean 2.0.0.4, not 2.0.4.
But if you have Firefox installed, why would you ever use IE?
Because not all of us are fanboys of Firefox
I ain't a fanboy and I agree with him, as why would you use IE if you've got Firefox installed in the first place, since odds are if you've got Firefox installed you want to use it.
P.S. I understand though that there are times where IE is required... but in most cases it is not, especially for the average Joe.
Web developers and designers. They can't just assume that what works in one browser works in another.
Firefox has an extension that lets you open a tab in IE format. Lets you view those sites fine.
IE = Useless for the average person.
How long have you been living in that cave?
v 1.1.4.9.070622
=====================================================================
+ Full anti-XSS protection for every trusted URL opened from external
applications
+ Protection against all the currently known cross-browser exploits
targeting Firefox (Larholm, Rios, MacManus...)
IE should be classified as malware.
Why? IE7 is quite usable. Besides. This is a FF problem.
FIXED FOR TEH TRUTH!
You should post more; this place is just too boring without you!
Opera ...
Most people don't use Opera for more reasons than that.
And why would I have FF installed and browse with IE? Chances are you don't... unless you need to use IE for a Windows site or another 'safe' site.
Yeah, that's mature. Way to handle your emotions when someone even mentions a browser that doesn't happen to rhyme with Firefox. Deal with someone else's opinion, or convince them to see your light. Don't be a troll.
Really? Well that was specific. And on that subject, more reasons than what? The other guy never gave anybody a reason not to use Opera, he simply stated that Opera was the fastest and safest web browser. Which is completely true. Deal with it.
Uh, so what you're saying is...nothing. There's IE only pages, so that's why you would use it. Why would you ask a stupid question that you can obviously answer yourself within 2 seconds?
Faster than links2?
You got me there.
http://www.shiftdelete.net/site/download/s...irefox_yama.zip
The button on the left removes the handler and the one on the right undoes the action.
BTW Opera is proven to be the safest browser once again.
A patch from a site frequented by Al-Qaeda? No thanks but I agree with you concerning Opera.
Do you think that a website hosting this gallery has something to do with Al-Qaeda? You have so many wrong thoughts about my country. I know that the patch does not harm the system. Here is the VirusTotal scan result..
Last edited by borkenek on 12 Jul 2007 - 00:11
lol racism
Honestly, of all the things you could have said, you chose RACISM?
Obviously, you didn't get the point. I think what he calls racism is labelling all the nation as Al Qaeda supporters.
+1 for reading comprehension.
Labelling a group is called stereotyping. Racism is when you think one race (usually your own) is better than others.
Yes no?
Last edited by Octol on 15 Jul 2007 - 12:47
I think Thursday is too late for patching the vulnerability so I put that link here.
There's also an English version: http://gghaberver.googlepages.com/sdn-ffpatch.rar
It requires .NET Framework 2.0.
At least when Microsoft ported over Internet Explorer to the "other side" it actually worked.
But look at the bright side: If you think Safari is alright when you switch to FireFox you will experience the web on a whole other level.
In this case, FTW means Fails to work.
You are lucky if it just crashes. It has so many security holes that if it didn't crash, your PC would be infected in a fraction of a second.
You've got Autopatcher. Or you can allow Windows Update to download in the background.
You guys need to understand the causes of the problem, which is, WINDOWS. You see, Internet Explorer has the URI Handler activated because Internet Explorer IS the Windows Explorer shell.
Now, before pointing fingers at anyone, Firefox HAS NO RESPONSIBILITY over a WINDOWS flaw that they didn't know about.
Firefox and Opera are GOOD web browsers. The problem with Internet Explorer is that by the time it was made, it was a premature piece of software released to have more features than bug fixes, which isn't the case related to Opera or Firefox issues (read: THE BUGFIX IS GOING TO GET RELEASED NEXT WEEK). I DARE YOU to point out when INTERNET EXPLORER had this kind of SUPPORT.
Recently, now that Firefox (and Opera) were taking over the Web Browser's market share, Internet Explorer has become active again, releasing a "nicer" GUI for their browser (the tabs, animations, and everything's nice) but it still isn't compliant with PNG transparencies, not even CSS1!
If you people have a true sense of logic, grab these browsers: Opera, Firefox and (sadly, included in your Windows system) Internet Explorer, and THEN compare them.
People in my company migrated their ActiveX system to a faster and more secure AJAX interface, because they knew about Internet Explorer flaws.
Now, bring on the trolls and flames, I know this place is popular because of the eternal FUD and (most of the) statements that only could brew a 10-yo child.
Thanks for your time
Been drinking? This is a flaw in FIREFOX ALONE. Firefox should properly parse its command line arguments, or register an association that DOESN'T allow arbitrary parameters to be submitted (i.e. use DDE like you're meant to).
Allow me to rephrase what you said:
Now, before pointing fingers at anyone, Firefox HAS ALL RESPONSIBILITY over a FIREFOX flaw that they didn't know about.
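
Added example, not part of the original thread and not Firefox or IE code: it illustrates the point in the last comment about an association that allows arbitrary parameters to be submitted. It shows a URL substituted verbatim into a quoted `%1` slot splitting into extra parameters, and percent-encoding before substitution plus an argument-count check keeping it a single argument. The command template, the `-extra-flag` name, the URLs and the simplified splitter are all constructed for this illustration.

```python
from urllib.parse import quote

# Hypothetical handler command template (constructed for this example).
TEMPLATE = '"C:\\browser\\browser.exe" -url "%1" -requestPending'


def split_args(cmdline):
    """Simplified Windows-style split: whitespace separates arguments and
    double quotes group them (backslash escaping is deliberately ignored)."""
    args, cur, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args


def naive_launch(url):
    """Substitute the URL into the template verbatim, with no encoding."""
    return split_args(TEMPLATE.replace("%1", url))


def safe_launch(url):
    """Percent-encode characters that can end the quoted argument (quote,
    space, ...) before substitution; existing %XX sequences are kept."""
    encoded = quote(url, safe=":/?#[]@!$&'()*+,;=%-._~")
    return split_args(TEMPLATE.replace("%1", encoded))


def url_stays_single_arg(argv, expected_count=4):
    """Receiver-side check: the template yields exactly four arguments;
    any other count means the URL leaked into extra parameters."""
    return len(argv) == expected_count


if __name__ == "__main__":
    hostile = 'firefoxurl://x" -extra-flag "y'  # constructed input
    print(naive_launch(hostile))
    print(safe_launch(hostile))
```
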