Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > FireFox flaw

Reply
Thread Tools

FireFox flaw

 
 
pcbutts1
Guest
Posts: n/a
 
      07-23-2005
http://news.yahoo.com/s/pcworld/2005...pcworld/121918

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com




 
Reply With Quote
 
 
 
 
Old Gringo
Guest
Posts: n/a
 
      07-23-2005
pcbutts1 wrote:
> http://news.yahoo.com/s/pcworld/2005...pcworld/121918
>

Saw that the other day, but don't use Greasemonkey.

--
Old Gringo George
Magic Weaver Of Life
Enjoy Life And Live It To Its Fullest
Freedom For The World <http://www.nuboy-Industries.com>
 
Reply With Quote
 
 
 
 
Barney
Guest
Posts: n/a
 
      07-23-2005
"pcbutts1" <(E-Mail Removed)> had writtennews:NrhEe.6059$_%4.5054
@newssvr14.news.prodigy.com:

> http://news.yahoo.com/s/pcworld/2005...pcworld/121918
>


It would appear the "Greasemonkey extension" is at fault.

--
Barney __________________________
Wisdom from the sleeping dogs!
 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      07-23-2005
"pcbutts1" <(E-Mail Removed)> wrote:

|>http://news.yahoo.com/s/pcworld/2005...pcworld/121918

Isn't that a drag! The very day I was going to switch to Firefox (I
use Opera) the Greasemonkey flaw surfaced.

I was going to use Greasemonkey and platypus to remove the Beta from
Google.groups so I can view them like they were ment to be view'd.

http://www.google.ae/grphp?hl=en is my non Beta group area, you can
see their ready to switch over.
--
 
Reply With Quote
 
Oxford Systems
Guest
Posts: n/a
 
      07-23-2005
"pcbutts1" <(E-Mail Removed)> wrote in message
news:NrhEe.6059$_%(E-Mail Removed) m...
> http://news.yahoo.com/s/pcworld/2005...pcworld/121918


<Quote>
Greasemonkey Opens Hole in Firefox
A serious security flaw has been discovered in Greasemonkey, a widely used
extension to the Mozilla Firefox browser.

....

Greasemonkey is an extension, or add-on, to Firefox that allows users to
customize the sites they view using powerful scripting tools. The problem is
that certain of Greasemonkey's functions are exposed in an insecure way,
allowing them to be exploited by a malicious site.

"Running a Greasemonkey script on a site can expose the contents of every
file on your local hard drive to that site," wrote Mark Pilgrim, who
discovered the flaw, in an email to the Greasemonkey mailing list this week.

....
Greasemonkey's developer advises users to upgrade to the most recent
version, 0.3.5, which fixes the problem by disabling the tool's more
advanced features. The bug affects all previous versions, researchers said.


Firefox doesn't have an equivalent of ActiveX, the component of Microsoft
Internet Explorer that allows Web sites to run powerful scripts on a user's
system, which is often used in attacks and in spyware. Firefox extensions
can be as powerful as the developer likes, but cannot automatically install
themselves as can ActiveX controls.

</Quote>



 
Reply With Quote
 
Oxford Systems
Guest
Posts: n/a
 
      07-23-2005
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "pcbutts1" <(E-Mail Removed)> wrote:
>
> |>http://news.yahoo.com/s/pcworld/2005...pcworld/121918
>
> Isn't that a drag! The very day I was going to switch to Firefox (I
> use Opera) the Greasemonkey flaw surfaced.


But...Greasemonkey isn't a part of Firefox any more than the Google toolbar
(for one example) is a part of IE. And besides that, the flaw in
Greasemonkey has been addressed in the latest release. (How long would it
take a "pay for play" vendor like MS to get around to fixing a similar
flaw?)


 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      07-23-2005
"Oxford Systems" <(E-Mail Removed)> wrote:

|><(E-Mail Removed)> wrote in message
|>news:(E-Mail Removed). ..
|>> "pcbutts1" <(E-Mail Removed)> wrote:
|>>
|>> |>http://news.yahoo.com/s/pcworld/2005...pcworld/121918
|>>
|>> Isn't that a drag! The very day I was going to switch to Firefox (I
|>> use Opera) the Greasemonkey flaw surfaced.

|>But...Greasemonkey isn't a part of Firefox any more than the Google toolbar
|>(for one example) is a part of IE.

I need to use FireFox to run GreaseMonkey and platypus, Opera has the
ability to do what GM does, but it uses User JavaScripts and a lot
harder to set-up and not as powerful.

|>And besides that, the flaw in
|>Greasemonkey has been addressed in the latest release. (How long would it
|>take a "pay for play" vendor like MS to get around to fixing a similar
|>flaw?)

They didn't fix it, they dummy'd it up by removing the API's
http://diveintogreasemonkey.org/api/

This was address'd on /.
http://it.slashdot.org/it/05/07/19/143241.shtml and mention'd that
FireFox is still a minority browser and people who use GM downright
rare.

I still have an old version of GM and just might set it up any way.
Chances of me using GM to access a web page that a white paper says
can exist is very very small.
--
 
Reply With Quote
 
why?
Guest
Posts: n/a
 
      07-23-2005

On Sat, 23 Jul 2005 01:54:53 GMT, pcbutts1 wrote:

>http://news.yahoo.com/s/pcworld/2005...pcworld/121918


Another OH there's a FF flaw, it's not.

It's a problem with an addon 3rd party extension which already has a
updated version.

Me
 
Reply With Quote
 
Krull
Guest
Posts: n/a
 
      07-24-2005
pcbutts1 wrote:

> http://news.yahoo.com/s/pcworld/2005...pcworld/121918


I know you're just the messenger, but this ISN'T a Firefox flaw,
it's a flaw in a third-party Firefox EXTENSION. There IS a big
difference. Any Firefox user that doesn't have this extension
installed is NOT going suffer this flaw in any possible way.

To call it a Firefox flaw is like saying your car has a flaw
because you installed new seat covers in it.


 
Reply With Quote
 
pcbutts1
Guest
Posts: n/a
 
      07-25-2005
Did you read all the other replies and then post this.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Krull" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> pcbutts1 wrote:
>
>> http://news.yahoo.com/s/pcworld/2005...pcworld/121918

>
> I know you're just the messenger, but this ISN'T a Firefox flaw,
> it's a flaw in a third-party Firefox EXTENSION. There IS a big
> difference. Any Firefox user that doesn't have this extension
> installed is NOT going suffer this flaw in any possible way.
>
> To call it a Firefox flaw is like saying your car has a flaw
> because you installed new seat covers in it.
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Another IE 7 security flaw pops up - GET FIREFOX! Au79 Computer Support 22 11-04-2006 05:24 AM
Unpatchable Flaw in Firefox??? Victor Firefox 7 10-04-2006 06:54 PM
Outlook TNEF flaw could be much worse than WMF flaw Au79 Computer Support 0 01-13-2006 10:48 PM
Does Firefox Contain an Old Security Flaw? Agent777 Firefox 4 06-09-2005 10:15 AM
Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE ) Ron Firefox 14 04-14-2005 03:38 AM



Advertisments