Avast WEBforum

Other => General Topics => Topic started by: polonus on November 01, 2006, 01:24:27 PM

Title: First vulnerability in FF 2.0
Post by: polonus on November 01, 2006, 01:24:27 PM

Hi malware fighters,

We could have waited for it, now it is here, a hole in FF 2.0. Only able to crash the browser now, look here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5633

A proof of concept: http://werterxyz.altervista.org/Firefox2Range.htm
(Does not work with NoScript enabled, people do not know what a gigantic protection can be achieved by installing the NoScript add-on for FF or Flock).

polonus

Title: Re: First vulnerability in FF 2.0
Post by: OrangeCrate on November 01, 2006, 01:32:13 PM

Already posted by Cloussau here:

http://forum.avast.com/index.php?topic=24536.45

Title: Re: First vulnerability in FF 2.0
Post by: DavidR on November 01, 2006, 01:33:24 PM

Yes, NoScript is very handy for these and any other script attacks when you arrive at an unknown site.

Title: Re: First vulnerability in FF 2.0
Post by: .: Mac :. on November 02, 2006, 12:43:27 PM

And its a MultiPlatform bug as it crashes the Mac version too

Title: Re: First vulnerability in FF 2.0
Post by: OrangeCrate on November 02, 2006, 02:30:16 PM

Firefox has roughly 10% of the browser market, and it's well known, that it is used heavily by computer savvy folks. I wonder how many of those users aren't using NoScript? Kind of a non-starter don't ya think?  ;)

Edit: Typo

Title: Re: First vulnerability in FF 2.0
Post by: FreewheelinFrank on November 02, 2006, 02:42:58 PM

Update on the story:

http://news.com.com/Another+denial-of-service+bug+found+in+Firefox+2/2100-1002_3-6131624.html?tag=cd.top

Title: Re: First vulnerability in FF 2.0
Post by: bob3160 on November 02, 2006, 03:35:15 PM

Quote from: FreewheelinFrank on November 02, 2006, 02:42:58 PM

Update on the story:

http://news.com.com/Another+denial-of-service+bug+found+in+Firefox+2/2100-1002_3-6131624.html?tag=cd.top

Quote

Release of the new Web browsers set off a race among bug hunters to come up with the first security hole in either program.
So far, though, none of the reported flaws could be exploited to hijack a PC running the browser, the most serious type of vulnerability.

That's actually when a flaw becomes a security breach. Everything else is simply an annoyance. IMHO  :)

Title: Re: First vulnerability in FF 2.0
Post by: OrangeCrate on November 02, 2006, 03:50:35 PM

Quote from: bob3160 on November 02, 2006, 03:35:15 PM

That's actually when a flaw becomes a security breach. Everything else is simply an annoyance. IMHO  :)

Frankly, that's one of your "opinions" that ought to be etched in stone!

 ;D

Edit: Typo

Title: Re: First vulnerability in FF 2.0
Post by: Jarmo P on November 03, 2006, 07:50:39 AM

This is a bit off topic to this subject, but very interesting to see how unreadable this page is without NoScript running:
http://www.castlecops.com/t159501-suggest_a_firewall.html

All those google advertisements.

Many other forums are also much better to read with disabling them to have javascript.
Avast forum of course is an exception.

Title: Re: First vulnerability in FF 2.0
Post by: roro on November 03, 2006, 09:24:02 AM

I have been using NoScript for so long, that I didn't realize there were so many adds without it!!!

(http://smileys.sur-la-toile.com/repository/Grands_Smileys/dinosaure-t-rex.gif)

Ro Ro  8)

Title: Re: First vulnerability in FF 2.0
Post by: Jarmo P on November 03, 2006, 09:45:51 AM

Yes roro.
I don't use adblock or proxomitron or any, but NoScript basically keeps my internet surfing less flashing and advert free :)