« previous next »
Pages: [1]   Go Down

Author Topic: First vulnerability in FF 2.0  (Read 5040 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
First vulnerability in FF 2.0
« on: November 01, 2006, 01:24:27 PM »
Hi malware fighters,

We could have waited for it, now it is here, a hole in FF 2.0. Only able to crash the browser now, look here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5633

A proof of concept: http://werterxyz.altervista.org/Firefox2Range.htm
(Does not work with NoScript enabled, people do not know what a gigantic protection can be achieved by installing the NoScript add-on for FF or Flock).

polonus
« Last Edit: November 01, 2006, 01:28:28 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: First vulnerability in FF 2.0
« Reply #1 on: November 01, 2006, 01:32:13 PM »
Already posted by Cloussau here:

http://forum.avast.com/index.php?topic=24536.45
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: First vulnerability in FF 2.0
« Reply #2 on: November 01, 2006, 01:33:24 PM »
Yes, NoScript is very handy for these and any other script attacks when you arrive at an unknown site.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: First vulnerability in FF 2.0
« Reply #3 on: November 02, 2006, 12:43:27 PM »
And its a MultiPlatform bug as it crashes the Mac version too
Logged
"People who are really serious about software should make their own hardware." - Alan Kay

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: First vulnerability in FF 2.0
« Reply #4 on: November 02, 2006, 02:30:16 PM »
Firefox has roughly 10% of the browser market, and it's well known, that it is used heavily by computer savvy folks. I wonder how many of those users aren't using NoScript? Kind of a non-starter don't ya think?  ;)

Edit: Typo
« Last Edit: November 02, 2006, 02:38:07 PM by OrangeCrate »
Logged

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: First vulnerability in FF 2.0
« Reply #5 on: November 02, 2006, 02:42:58 PM »
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48585
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: First vulnerability in FF 2.0
« Reply #6 on: November 02, 2006, 03:35:15 PM »
Quote from: FreewheelinFrank on November 02, 2006, 02:42:58 PM
Update on the story:

http://news.com.com/Another+denial-of-service+bug+found+in+Firefox+2/2100-1002_3-6131624.html?tag=cd.top

Quote
Release of the new Web browsers set off a race among bug hunters to come up with the first security hole in either program.
So far, though, none of the reported flaws could be exploited to hijack a PC running the browser, the most serious type of vulnerability.

That's actually when a flaw becomes a security breach. Everything else is simply an annoyance. IMHO  :)
Logged
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: First vulnerability in FF 2.0
« Reply #7 on: November 02, 2006, 03:50:35 PM »
Quote from: bob3160 on November 02, 2006, 03:35:15 PM
That's actually when a flaw becomes a security breach. Everything else is simply an annoyance. IMHO  :)

Frankly, that's one of your "opinions" that ought to be etched in stone!

 ;D

Edit: Typo
« Last Edit: November 02, 2006, 03:56:44 PM by OrangeCrate »
Logged

Jarmo P

  • Guest
Re: First vulnerability in FF 2.0
« Reply #8 on: November 03, 2006, 07:50:39 AM »
This is a bit off topic to this subject, but very interesting to see how unreadable this page is without NoScript running:
http://www.castlecops.com/t159501-suggest_a_firewall.html

All those google advertisements.

Many other forums are also much better to read with disabling them to have javascript.
Avast forum of course is an exception.
Logged

roro

  • Guest
Re: First vulnerability in FF 2.0
« Reply #9 on: November 03, 2006, 09:24:02 AM »
I have been using NoScript for so long, that I didn't realize there were so many adds without it!!!



Ro Ro  8)
Logged

Jarmo P

  • Guest
Re: First vulnerability in FF 2.0
« Reply #10 on: November 03, 2006, 09:45:51 AM »
Yes roro.
I don't use adblock or proxomitron or any, but NoScript basically keeps my internet surfing less flashing and advert free :)
Logged
Pages: [1]   Go Up
« previous next »