Avast WEBforum

Other => General Topics => Topic started by: TedNelly on June 02, 2005, 08:40:37 AM

Title: "Holey Browsers"
Post by: TedNelly on June 02, 2005, 08:40:37 AM
Firefox or Mozilla or any bloody browser for that matter

Programmers have discovered at least 28 holes in Firefox since January 1.

The Mozilla browser shared 27 of those problems with Firefox.

 Use Secunia's tool to see whether your browser is vulnerable:

Secunia's Tool (http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/)

I thought that this would interest the members of this forum as I know that a lot of the members

use FF as I do
Title: Re: "Holey Browsers"
Post by: DavidR on June 02, 2005, 02:31:24 PM
Peter if your going to post stuff like this which is misleading, as there aren't 28 unpatched holes. Yes 28 holes (as you say) have been discovered by programmers since January 1st (an eternity in computer terms), what you fail to mention is how many have been fixed.

This is a more accurate state, 17 Secunia Advisories, only 4 unpatched and of those they are classed as Less Critical. http://secunia.com/product/4227/
Quote
Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 4 out of 17 Secunia advisories, is marked as "Unpatched" in the Secunia database.

What surprises me more is having brought this to every firefox users attention, according to your signature you are still using firefox 1.0.3, not 1.0.4 the latest release patches a number of these security advisory vulnerabilities.
Title: Re: "Holey Browsers"
Post by: polonus on June 02, 2005, 08:05:58 PM
Yes DavidR,

Some of these critical flaws have been fixed in FF. If IE were so quick as to fix theirs, there would not have been FF. A lot of FF's vulnerabilities still only work through an unpatched IE browser on the system. What was wrong with IE is building a browser as a conclusive part of your OS, very very unsafe policy. Active X was another of these examples, where the whole comp is open to attackers. FF has their holes as well, even in the last version. They work on that. But I know all over the net anti-spyware, and adware experts advice FF, and not only because of their big blue Mozilla eyes,

polonus
Title: Re: "Holey Browsers"
Post by: MFB on June 03, 2005, 02:22:28 AM
DavidR is correct, Firefox 1.0.4 has alot of security patches that fixes some of Firefox's security problems. 
Title: Re: "Holey Browsers"
Post by: TedNelly on June 03, 2005, 08:06:42 AM
Firefox or Mozilla

I thought that this would interest the members of this forum as I know that a lot of the members

use FF as I do

DavidR I fail to see how this could possibly be seen as misleading as there is a link to the actual

web site man judge for yourself  that was my meaning behind the post in the first place. It odviously

Interseted you ;D

Quote
This is a more accurate state, 17 Secunia Advisories, only 4 unpatched and of those they are classed as Less Critical

You knew this fact prior to visiting this site http://secunia.com/product/4227/ which I see is a link to the

posting I made.

Thank you for pointing out that my signature was incorrect. I know how people can be confused by version

numbers I will update Thunderbird to 1.0.4 as soon as it is available also  ;)
Title: Re: "Holey Browsers"
Post by: DavidR on June 03, 2005, 11:08:53 AM
It is misleading because it only tells part of the story (and an old one at that), nothing is mentioned even briefly that many are patched.

So only those interested enough are going to check, the rest are left with a misleading impression that firefox is full of holes (your words). Not to mention the page you sent them to does a security check so they would have to look even further.

Your link doesn't go to the mozilla firefox security advisory page but to a page to run a security checking tool.

My reason for posting was in the Internet age of Instant Gratification and Headlines many would simply read the post and go no further. So I put the other side to the story and gave a link to the firefox security advisory page.
Title: Re: "Holey Browsers"
Post by: FreewheelinFrank on June 03, 2005, 11:10:44 AM
Holey Browsers? More like Holy Browser!

(http://donaldbroatch.users.btopenworld.com/11thcomandment.jpg)
Title: Re: "Holey Browsers"
Post by: TedNelly on June 03, 2005, 11:49:51 AM


lol "thou shall not"

Thanks for the constructive criticism DavidR I hope you enjoyed the articles as you apparently  visited

the site and managed your way around ok . Which was the  whole idea behind the post

Title: Re: "Holey Browsers"
Post by: polonus on June 03, 2005, 01:44:23 PM
Hi P3t3rb0nn,

Really that humor is the salt of life, I would say- what a great cartoon. laugh your head off, and use a safer browser, like FF, Opera etc. If your configuration is lousy, or your programs unpatched, even this or other Holey Browser can not save your three letter behind.

Greetings,

polonus