Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE )

Discussion in 'Firefox' started by Ron, Apr 12, 2005.

  1. Ron

    Ron Guest

    Can anyone comment on this topic?

    A flaw has been discovered in the popular open-source browser Firefox
    that could expose sensitive information stored in memory, Secunia has
    warned.

    Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security
    information company said in an advisory on Monday. The flaw stems from
    an error in the JavaScript engine that can expose arbitrary amounts of
    heap memory after the end of a JavaScript string. As a result, an
    exploit may disclose sensitive information in the memory, Secunia said.

    "Unlike other browser flaws, this one is not subject to phishing or
    access to the system. But it can expose sensitive information from other
    Web sites you visited and the information you entered there," said
    Thomas Kristensen, Secunia chief technology officer.
    Me TV: Finally, you are in control

    While the flaw is only rated as "moderately critical" by Secunia, the
    rapid adoption of the open-source browser means that many users may be
    at risk. Prior to the release of version 1.0, downloads of earlier
    versions of the browser had reached 8 million within the first 18 months.

    The Mozilla Foundation, which makes the Firefox browser, is working on a
    patch, and no cases have been reported, a representative for the group said.

    Secunia has developed a test that allows people to see whether their
    system is affected by the vulnerability.

    Here is the site to test your broswer!
    http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/

    Ron...
     
    Ron, Apr 12, 2005
    #1
    1. Advertising

  2. Ron

    Gunther Guest

    In article <ByH6e.562360$>,
    says...
    > Can anyone comment on this topic?

    fixed in FF 1.0.3
     
    Gunther, Apr 12, 2005
    #2
    1. Advertising

  3. Ron

    Tony Pacc Guest

    There is no 1.0.3!
    "Gunther" <> wrote in message
    news:...
    > In article <ByH6e.562360$>,
    > says...
    > > Can anyone comment on this topic?

    > fixed in FF 1.0.3
    >
     
    Tony Pacc, Apr 12, 2005
    #3
  4. Ron

    Ed Mullen Guest

    Ed Mullen, Apr 12, 2005
    #4
  5. Ron

    Tony Raven Guest

    Re: Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE)

    Tony Pacc wrote:
    > There is no 1.0.3!


    I think he meant the latest nightly build

    Tony
     
    Tony Raven, Apr 12, 2005
    #5
  6. Ron

    Wijja Guest

    Re: Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE)

    Ron wrote:
    > Can anyone comment on this topic?
    >
    > A flaw has been discovered in the popular open-source browser Firefox
    > that could expose sensitive information stored in memory, Secunia has
    > warned.
    >
    > Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security
    > information company said in an advisory on Monday. The flaw stems from
    > an error in the JavaScript engine that can expose arbitrary amounts of
    > heap memory after the end of a JavaScript string. As a result, an
    > exploit may disclose sensitive information in the memory, Secunia said.
    >
    > "Unlike other browser flaws, this one is not subject to phishing or
    > access to the system. But it can expose sensitive information from other
    > Web sites you visited and the information you entered there," said
    > Thomas Kristensen, Secunia chief technology officer.
    > Me TV: Finally, you are in control
    >
    > While the flaw is only rated as "moderately critical" by Secunia, the
    > rapid adoption of the open-source browser means that many users may be
    > at risk. Prior to the release of version 1.0, downloads of earlier
    > versions of the browser had reached 8 million within the first 18 months.
    >
    > The Mozilla Foundation, which makes the Firefox browser, is working on a
    > patch, and no cases have been reported, a representative for the group
    > said.
    >
    > Secunia has developed a test that allows people to see whether their
    > system is affected by the vulnerability.
    >
    > Here is the site to test your broswer!
    > http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/
    >
    > Ron...



    This still have a buttload of problems to fix with 1.02 anyway, so I
    don't suppose a security risk matters at this point. They busted it
    every which way they could (not like it worked well to begin with) so I
    won't be surprised if we see a lot more of these vulnerabilities showing
    up. Especially where extensions (yuck) are concerned.
     
    Wijja, Apr 12, 2005
    #6
  7. Ron

    Guest

    I have version 1.0.3
    :)
     
    , Apr 12, 2005
    #7
  8. Ron

    John Guest

    On Tue, 12 Apr 2005 21:11:25 GMT, wrote:

    >I have version 1.0.3
    >:)

    Where did you get it?

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
    (A very free paraphrase of Exodus 20:14).
     
    John, Apr 12, 2005
    #8
  9. Ron

    GK Guest

    Re: Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE)

    wrote:
    > I have version 1.0.3
    > :)


    Where, how, did you get 1.0.3?
     
    GK, Apr 12, 2005
    #9
  10. Ron

    Guest

    Hmmm I will post the link once I can get access to it. :) Sometimes can't
    get access. Either that or I can email the program.
    Thanks
     
    , Apr 12, 2005
    #10
  11. Ron

    Guest

    www.softex.meganet.lt/

    Link is down sometimes but once u get on there, the update for FF is there.
    You probably have to go back a few pages of downloads before you find it or
    perhaps you can do a search I dunno.

    Good luck.
     
    , Apr 13, 2005
    #11
  12. Ron

    Tony Raven Guest

    Re: Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE)

    wrote:
    > www.softex.meganet.lt/
    >
    > Link is down sometimes but once u get on there, the update for FF is there.
    > You probably have to go back a few pages of downloads before you find it or
    > perhaps you can do a search I dunno.
    >
    > Good luck.


    So you trust a download of an "unreleased" version of FF from a
    Lithuanian website? Have you checked it for "extras"?

    Sheesh

    Tony
     
    Tony Raven, Apr 13, 2005
    #12
  13. Ron

    default Guest

    On Wed, 13 Apr 2005 08:29:15 +0100, Tony Raven <>
    wrote:

    > wrote:
    >> www.softex.meganet.lt/
    >>
    >> Link is down sometimes but once u get on there, the update for FF is there.
    >> You probably have to go back a few pages of downloads before you find it or
    >> perhaps you can do a search I dunno.
    >>
    >> Good luck.

    >
    >So you trust a download of an "unreleased" version of FF from a
    >Lithuanian website? Have you checked it for "extras"?
    >
    >Sheesh
    >
    >Tony


    1.0.3 beta is on the Mozilla site:

    http://ftp.mozilla.org/pub/mozilla....1.0.1/firefox-1.0.3.en-US.win32.installer.exe

    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
    ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
     
    default, Apr 13, 2005
    #13
  14. Ron

    Guest

    *rolls* his eyes
     
    , Apr 13, 2005
    #14
  15. Ron

    Gunther Guest

    In article <zcX6e.912$>,
    says...
    > wrote:
    > > I have version 1.0.3
    > > :)

    >
    > Where, how, did you get 1.0.3?


    Sorry, I should have been more precise:
    I'm running a nightly build (specifically from
    mozilla.org/firefox/nightly/2005-04-06-19-aviary1.0.1/
    I think). It reports it self in Help->About as 1.0.3
    and it does not have the problem.

    Gunther

    >
     
    Gunther, Apr 14, 2005
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joseph Davies [MSFT]
    Replies:
    0
    Views:
    501
    Joseph Davies [MSFT]
    Apr 17, 2006
  2. David Troxell - Encourager Software

    Home Theater Profile Exchange - April 15 2005

    David Troxell - Encourager Software, Apr 16, 2005, in forum: DVD Video
    Replies:
    0
    Views:
    830
    David Troxell - Encourager Software
    Apr 16, 2005
  3. serge
    Replies:
    0
    Views:
    314
    serge
    May 4, 2005
  4. Au79
    Replies:
    0
    Views:
    487
  5. Mike Russell

    The April Curvemeister Class starts tomorrow, April 1

    Mike Russell, Mar 31, 2007, in forum: Digital Photography
    Replies:
    21
    Views:
    1,016
    evadnikufesin
    Apr 2, 2007
Loading...

Share This Page