Firefox blighted by unpatched bug

Status
Not open for further replies.

Osiris

Security researchers have discovered an unpatched vulnerability in Firefox that might be used to crash vulnerable systems. Hackers might also use the security bug to trick surfers into running malicious code by simply fooling them into visiting a maliciously constructed website.

This is a class of problem well known to IE users but it will come as a nasty shock to users of the alternative browser, which has been seen as something of a safe haven from hacker attack even though this assumption has come under question over recent months. The vulnerability, discovered by Tom Ferris of Security Protocols, applies to Firefox version 1.0.6. Previous versions may also be affected but this has yet to be confirmed. The security bug stems from an error in handling a URL that contains the 0xAD character in its domain name, giving rise to possible heap-based buffer overflow attacks. Security notification service Secunia describes the vulnerability as "highly critical". It advises users not to browse untrusted websites as a precaution. This isn't exactly the easiest precaution to stick to, though it's the only one on offer just now pending a more comprehensive workaround from the Mozilla Foundation.
 
I think there's a bunch of holes they haven't found yet. I was getting crazy amounts of spyware, trojans and major viruses when I had Firefox installed. Went back to IE, no more problems.
 
but but but Firefox is impervious to trojans and virii. I've seen it destroy large villages, small cities and crops with my own eyes this Firefox. :eek:

Surely you jest Warez. ;)
 
When will people understand that there is no browser safer than the next. Day after day they find security holes in all these browsers. Just because IE has been out longer and has more fixes than FF doesn't mean it's not safe. Switch the 2 around and everyone would agree that IE was safer than FF, get it???? A lot of these spyware companies are incorporating their shit into FF and IE and other browsers as well. So no matter what you use, there will always be these problems. Just like I have said from the beginning, but no one wanted to listen because FF was so good and new and everyone talked about how secure it was, etc, etc etc. As long as there is code and there are humans writing it, there's going to be problems. As long as we have hackers, spyware programmers etc, this will always be an issue. All browsers and operating systems would be fine if it wasn't for these people. Stop attacking the software and go after these people. There is a workaround to everything and anything, just give it time.
 
I don't really care what's safer ... FF still rules... better name... cooler look :p
 
Well, at least they tell you, Microsoft would just keep it under the carpet as long as they can.
 
I've got a question...why does a software vendor tell the public they have found a security hole, flaw, etc, whatever it may be before patching it? That's just an invitation for someone to check the flaw out, see if they have time to exploit it and make a nice virus for it. That's like telling someone if you can make it thru my yard by jumping over the gate, pass my 4 pitbulls without getting hurt, jump 16 hurdles, swim across the swimming pool without drowning and can get into my house before I make a key to lock it, you can rob me. I think they need to keep it quiet as long as possible and patch it then release the info to the public. The same with open source software, there's another invitation.
 