Mozilla Says Firefox Flaw Could Lead To Data Leak

[Osiris]

Firefox users should read this. The company says it is working to fix a flaw that could give attackers unauthorized access to your machine.

The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday. Eisenhaur has posted sample code that reads the contents of a Mozilla Thunderbird preferences file, but he believes that attackers could get access to more information with variations on his attack.

Mozilla Says Firefox Flaw Could Lead To Data Leak : Welcome To Tech-Dump


​

 

[KSoD]

This is IMPOSSIBLE!!! Firefox is secure no way it could have a flaw that is just as bad as IE! :laughing:

/joke

Easy Firefox users it is just a joke. Just goes to show you that no software is completely secure no matter what the claims made by the developers are.

 

[Trotter]

True, true.

What I don't understand it this... Someone finds a problem (like this or whatever). Instead of letting the company/people know, they put it on the web. HELLO!!! Why would you publish it, and show how it is done, if you are wanting to help the problem??? Sure, publish the fact and maybe a description, but not the nuts and bolts of it.

Maybe that would make too much sense...

Anyway, Mozilla shold have a fix up shortly.

 

[Typhoon]

True, true.

What I don't understand it this... Someone finds a problem (like this or whatever). Instead of letting the company/people know, they put it on the web. HELLO!!! Why would you publish it?

It's usually intnernet clans.
They can post this kind of information for hits, and erm.. "Sense of fear".

 

[KSoD]

Wel here is something that was brought up to me by someone who read this. The .js files that are used by Firefox usually dont store things like password and stuff like that. It is mainly for your profile stuff. Looks, extensions used adn things like that. He doesnt understand how they are using the ..js files to get this info.

Which is a good question.

 

[Vincent-Valentine]

doesnt matter what you do, someone is always one step ahead, so stop stressing keep all ur stuff u care about on a secure pc that doesnt use the net, and use one u dont care about formatting for surfing the naughty sites and playing with random limewire downloads that u know will do ur computer harm, caus theres no way to be safe all the time, so might aswell have fun while u set ur pc up for a major attack

 

[murdocsvan]

doesnt matter what you do, someone is always one step ahead, so stop stressing keep all ur stuff u care about on a secure pc that doesnt use the net, and use one u dont care about formatting for surfing the naughty sites and playing with random limewire downloads that u know will do ur computer harm, caus theres no way to be safe all the time, so might aswell have fun while u set ur pc up for a major attack

sorry, but thats about the worst piece of advice i've ever heard. why cause wanton destruction on your a computer at al? why not just be more careful about where you surf, or just wait a few days to get the patch?

and how would you suggest we take the stuff thats important we get off the internet and put it on a more secure computer, without compromising the secure computers security?

most of us dont have the luxury of having 2 computers, and most of us arent OCD about getting computer viruses.

 

[Vincent-Valentine]

well you put it on a portible device IE flash drive or usb HDD and the scan the device, and i have 4 computers 2 laptops and 2 desktops, so i can use this method, and if u live life running away from everything u will lead a very boring life, sorry to say that, but whats the point of worryin what happens to your pc if everythings secure and u can fix it if it gets out of hand, i just hate running from things that cant even be seen, to me its easier to do what i want without having to avoid some sites that might give me a evil cookie, do as u please, but theres no use running, caus u can almost guarantee that someone will find a way to avoid that patch in the next few weeks, then you'll need another, its pointless in my opinion, but do as you please, i cant control you, im just voicing my opinion.

 

[KSoD]

That method will not work. How do you keep the Anti-Viruses up to date? Download the Definations then transfer them? What if they are bogus and contain a virus? How would you know?

Using 2 PC's is just outragous. There is no need for it. All you need is COMMON SENSE. Dont store credti card data on there or social security numbers. Kepp addresses WRITTEN DOWN and not on your PC and make sure you dont have your name on there other than your first name and last initial.

Gee even if htey hack you then what do they get? A first name and last inital? Could be anyone at that point. Your method is far to time consuming and over the top. That goes beyond ultra paranoid. Plus it defeats the purpose of running a PC if you dont connect it to the net. What can you do? Game....not with friends. Productivity....pointless cause you then have to transfer the data to the other PC just to move it to the pople who have to proof it.

That is measures that people who are more paranoid than Monk take. Sorry but that is just over the top. Common Sense, a good anti-virus and a firewall are better measures than that.

 

[Vincent-Valentine]

what anti-virus do u sergest and what firewall do you servest? and i only use more than one pc caus i can, i dont keep any of that **** on my pc, im more afraid to lose my songs than anything else, but i dont keep any of the card numbers or anything on my pc, thats just pure stupid, also i dont use the save password setting. also, you seem like you know alot about pc's and laptops, so do you think u can help with my laptop? im in dire need of help with my sound on it, i made a thread "Acer Aspire 4710Z - couple of problems" i really need the sound and webcam going, thats it, the rest doesnt really matter at the moment.