Unpatched Firefox flaw lets fox into henhouse
Same sh*t, different zero-day
Updated: An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems.
Older versions of the popular alternative browser might also be affected, Secunia warns.
Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.
Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla.
In an advisory, released Tuesday, Mozilla detailed available workarounds designed to address the problem.
The appearance of an unpatched vulnerability in Firefox could hardly have come at a worse time because it coincides with confirmation from Microsoft on Monday of a second unpatched ActiveX flaw affecting users of its Internet Explorer software.
Only one of these two security bugs is likely to be fixed later on Tuesday, when Microsoft publishes its monthly Patch Tuesday update. That prompted some security researchers, including those at the SANS Institute's Internet Storm Centre, to consider the use of an alternative browser on the grounds of security.
Selecting Firefox over IE when both have unresolved security problems fails to make much sense, leaving Windows users looking for more secure surfing software alternatives with a choice limited to Opera, Safari and Google Chrome. ®
Noscript is beside the point
But this isn't the point. The point is that computers have been sold for well over 15 years on the principle that everyone should not only have one, but they should use it to communicate with their grandchildren or college friends and perhaps learn a little bit about the world we live in.
Worse, they are then told a complete crock of shit when they're told that the expensive internet protection package they have bundled with the PC is going to make it safe to do so. Would it be so hard for one of these PC megastores to employ someone who has a clue and will not let anyone take a PC home without a decent firewall in place?
Noscript is not a piece of software you can give to someone who doesn't know how to copy photos from a digital camera memory stick. You might as well install it with a Simplified Chinese language pack for all the sense it will make to those that need it most.
If computers are the appliance that PC World and Best Buy claim they are, they should work with zero configuration required. And if they aren't then they shouldn't be sold to people without a cigarette warning on the box that tells them they'll need to spend months learning how to surf safely before connecting to the internet.
My own theory is that every PC should be bundled with 100 DVDs stuffed full of the best porn and the network card safely configured with a screwdriver and a mallet. Because what need for the internet if you've got what you wanted from it already?
Golly, I sure miss Opera. I miss it b/c I could not that 'lock'.
It just wasn't there. Plus, I had a site that was permanently blocked,
a popular site.
I don't like ff. Where is speed dial?
This has nothing to say about unpatched ff or the slow start-up of 3.5.
But, I worry about people using Opera. Be careful.
The problem with "trusted sites" advice...
The problem with "trusted sites" advice is that no site that allows user content with scripts and links can be trusted. This includes pretty much all of the top 10 destinations, eBuy, FaceSpace, YouBoob, et al.
I've said all along - if I can't use your site without script and cookies I won't be there long.