View Full Version : Critical flaws found in Firefox

05-10-2005, 12:45 PM
link (http://news.bbc.co.uk/2/hi/technology/4532127.stm)

Critical flaws found in Firefox

The Mozilla Foundation has said it is "working aggressively" to fix two flaws in its open source Firefox browser.

The vulnerabilities, reported on Saturday, were identified as "very critical", but no cases had been reported of them being exploited. Several security firms identified the flaws which could let websites run malicious code on a person's computer.

Mozilla has responded by changing its update service and says people should temporarily turn off JavaScript code.

Manual downloads

The first flaw reported fools the browser into thinking software is being installed by a legitimate, or safe, website.

The second flaw happens when the software installation trigger does not properly check icon web addresses which contain JavaScript code.

A hacker could potentially take advantage of the security flaws to secretly launch malicious code or programs.

Mozilla advised people to download add-ons to its software manually from the Foundation's site.

Danish security firm Secunia said called the flaws "extremely critical" because cookie and history information could be used to get access to personal information or gain access to sites previously visited.

The Mozilla Foundation, which developed the browser, said it was working hard to provide a comprehensive and more permanent fix for the problems.

Main competition

Last week, Firefox celebrated its 50 millionth download since its official launch in November.

Firefox is Microsoft Internet Explorer's (IE) main rival in the browser market. Many like it because it is easily customised, and others say it has fewer security flaws than IE.

Being open source means people can adapt the software's core code to create innovative features, such as add-ons, RSS news feed readers, or extensions to the program.

The Mozilla Foundation was set up by former browser maker Netscape in 1998. Netscape dominated the browser market in the early 1990s.

Microsoft releases its next-generation IE7 later this year which promises to be more secure

05-10-2005, 04:21 PM
thanks for this pedro. Good to know.

I love Firefox - would recommend it to any users of IE. Tabbed browsing is the way to go.

05-10-2005, 04:57 PM
I'm a definite convert to Firefox. I'd never even consider going back to IE even if version 7 is more secure than previous versions.

05-10-2005, 05:41 PM
I love love love the tabbed browsing aspect and that alone is enough to keep me from using IE ever again.

05-10-2005, 07:03 PM
I'm never going back either.

05-10-2005, 10:07 PM
Another Firefox user here, since January. Head and shoulders better than IE.

05-10-2005, 10:14 PM
Firefox will be come a victim of it's own success. Before it really wasn't worth hacker's time to mess with it. But as it becomes more popular the more it becomes vulnerable to spreading trojans, virius, and associated mischief.

05-10-2005, 10:17 PM
So whre does one go to get these download updates?

05-10-2005, 11:43 PM
So whre does one go to get these download updates?

I'm wondering the same thing. I think I saw on slashdot (no, I don't post there, LOL) that the Firefox group said it would make the patch(es) available to the public in due time.

05-10-2005, 11:47 PM
I love Firefox, guys, and don't think that this recent vulnerability is a good enough reason to switch browers; however, Opera 8 is looking like a really good browser. It's pretty quick, has tabs. The only thing I couldn't figure out about Opera 8 (the adware version) is how to add folders to the browser favorites without going to a child window to to "manage" the favorites. Both Firefox and Opera are going to completely shut out IE within a couple of years, IMO (ISP's should start bundling Firefox and Opera with their internet connection software), AND Opera has probably the best support for the CSS specification out there. :thumbup:

05-10-2005, 11:52 PM
in the upper right hand corner of firefox, there is a link to the firefox homepage. Also they sometimes have a link announcing updates to their software there.

05-11-2005, 02:38 AM
Another great feature of the firefox browser is the user-submitted extensions. You can add on all kinds of extensions to the program to make life even easier.

Here are some of the best ones I have:

forecastfox (https://do-not-add.mozilla.org/extensions/moreinfo.php?application=firefox&id=398)

This specific extension integrates weather.com into your browser. You simply input your city and state, press ok, and it puts pictures of the current forecast and tomorrows forecast in the lower left corner of the browser. Move your cursor over the picture, and it gives the weather details for the picture.

biblesearch (https://do-not-add.mozilla.org/extensions/moreinfo.php?id=555)

This one incorporates a toolbar for searching biblegateway.com, a site i frequent pretty often.

foxytunes (https://do-not-add.mozilla.org/extensions/moreinfo.php?id=219)

This one adds buttons to the bottom of your browser window to control mp3 playback. Just open your normal music player (it works with all the major ones, WMP, RP, Winamp, etc.), let it run in the background, and you can skip , stop, pause, eject from firefox without having to alt-tab or mess with other windows.

There's a whole bunch of these cool extensions that enhance firefox and make it even better. I spent close to 3 hours looking through them.

Here's a link to the extensions homepage

firefox extensions (https://do-not-add.mozilla.org/extensions/?application=firefox)