"As usual, the best workaround in the interim is NoScript, provided the site exploiting site has not been authorized to run javascript. ®"

That's really funny. I'll bet if you do that, they'll also have a list of your NoScript whitelist and blacklist. I'm guessing that these exploits can be tagged into any suitably vulnerable site, so that could actually be a hazard.

Now that's not very funny!

As usual, it's a javascript exploit. As usual, those of us who run with Noscript enabled are relatively immune unless we do something to shoot ourselves in the foot.

I've tried running several other browsers, but the combination of Adblock and Noscript keeps me coming back to Firefox. Between those two, my surfing is a lot more productive, and a lot less distracting.

Ajax is nothing more than using Javascript a particular way with some compatible tools. Just a buzzword really.

Remember how the world swooned over Ajax? Even though every good computer user knows that they must not ever use anything related to Javascript (at least according to most people who post to slashdot or similar forums)

Funny how all those javascript haters fell in love with Ajax.

But I digress, really my point is this:

Use Firefox and get owned just like users of internet explorer! Open source isn't perfect! Now that Firefox has a larger market share, they are getting hit by more hackers! I told you so!

And once again it won't be used in the wild

proof of concept is as far as it will go I wouldn't

waste my time trying to get someones settings

from their plugins they might not have for a bare

one in twenty hits and of course if memory serves

there have always been firefox vulns and as yet

very few wholesale ownings none that I know of

so STFU just as I said.

Yes, vulnerabilities will turn up in Firefox just as in Internet Explorer, and yes, as Firefox becomes more popular it will become a target for criminal hackers. The difference is that when a vulnerability is found in Firefox, the open-source community gets on it right away so it is usually fixed within 24-48 hours; while Microsoft usually takes weeks or even months to sort out vulnerabilities in Internet Explorer. So even if Firefox becomes the majority browser (speed the day!) I would still use it for that reason alone, notwithstanding its customisability and huge range of useful plugins.

"I've tried running several other browsers, but the combination of Adblock and Noscript keeps me coming back to Firefox. Between those two, my surfing is a lot more productive, and a lot less distracting."

Eh?!

But surfing is *supposed* to be distracting, and since when was it a productive activity!

The ultimate in productive and non-distracting surfing on would surely be the yet to be released NetBlock plug-in, or should that be plug-out...

Yes, surfing is non-productive. Generally. But Noscript/Adblock keeps this non-productive time much more productive. IYSWIM.

I'd hate to point it out, but using phrases like 'remotely scan all variables' implies that they're somehow connecting to your Firefox application and reading all your data.

The truth of the matter is that a boring bit of Javascript can run when you're browsing a web-page and post which plugins you're using off somewhere. That's so scary, they might find out that I use Firebug, alert the authorities.

Believe it or not, you can run methods in ActiveX/COM objects through Javascript in IE, run to the hills!

"Even though every good computer user knows that they must not ever use anything related to Javascript "

That's just a load of rubbish. There is nothing wrong with javascript as long as the site still works with it turned off - it can be used to enhance functionality, as long as it doesn't replace it.

You have to be careful when discussing browser fix times.

Microsoft may fix a problem in 1 hour flat. However they may not publish it for a month, unless extremely urgent.

Unlike much Open Source (note: much, not all), MS have a single point of contact and they deal with VERY arge businesses.

If they release a fix that then turns out to cripple every system going, they can be held liable. i.e sued. It's difficult to sue a bunch of looselt collected people.

Also MS actually did the month patch fixing in response to alrge number of Admins asking for this. This means they can take the patches. Pilot them and then roll them out. If they have to do this 1 - 5 times a week (remeber we are talking about apps, DB's as well as browsers), Admins get completely bogged down.

So the quick turn around by the OS community is great , but bear in mind, it can also be a burden.

"But surfing is *supposed* to be distracting, and since when was it a productive activity!"

er, since this....

- buying tickets for a concert, buying tickets for gloasto , buyinmg tickets for a plane trip & holiday...

- checking my stuff is in stock in argos, finding details about a new LCD, PC, etc...

- getting technical manuals in minutes, not the usual 30 days by post... productive enough??

you are living in the past, almost everything is on the internet now....

Stu - Microsoft's real problem is that half the code for IE is used by the OS for other things so fixing something in IE will, more than likely, blow something up somewhere else (some of that being down to undocumented entry points being used). Firefox has the advantage that its code is only used by it - so if it doesn't blow itself up then its OK.

Actually I don't think you can sue MS if their patch takes your system out - its bound to be covered in the novella length EULAs you've supposedly read.

"Yes, surfing is non-productive."

Sometimes you want it to appear to be more productive than it really is. For this, however, I recommend browsing El Reg using lynx in an xterm (on cygwin if you must), rather than the combo of Firefox / Adblock / NoScript.

"you are living in the past, almost everything is on the internet now...."

And you, my friend, are living without a sense of humour...

(And however much you might surf around for one, I'm not really too sure the internet is going to be of much help to you on that front - Amazon certainly don't seem to stock them...)

Dan Goodin calls 'em "plugins" (adapters for viewing specialized content within the browser, e.g., Flash), but he means "extensions" (add-ons that customize the browser's behavior or extend its functionality).

Got any nits you want picked?

"since when was it a productive activity!" was the point .... sure I know that was 'tongue in cheek', but I think you took my comment far too seriously!! :D

- the internet is so much like 'real life' these days... you can be 'very unproductive' just staring at the mags in a shop, etc, etc, but this is your time to waste! :)

The comment by 'yeah, right' was more directed at the fact it takes much more time to get to the thing he wants, ie a not so productive implementation of a website... blocking the distracting flashy stuff, pop-ups that get in the way, etc lets you quickly see the thing you want..

These are just the same as the loud salemen at the front of a dept store, that you have to get past, to get the simple thing you want....

- you can also use a 'unpretty browsing interface' and it looks to your boss like you are 'working' when you just have a bit of 'relaxion' online...

but we are waaaay offtopic......