homepage Welcome to WebmasterWorld Guest from 54.234.2.88
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
Firefox 3 suffers its first vulnerability -cnet
cnet news item
teylyn




msg:3678148
 11:32 pm on Jun 18, 2008 (gmt 0)

Less than one day after its launch, Firefox 3 has a vulnerability.

According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.

"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team," said a representative.

Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.

Mozilla is reported to be working on a fix.

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.


source: [news.cnet.com ]

 

bill




msg:3678343
 8:17 am on Jun 19, 2008 (gmt 0)

Worth waiting for a patch on this one before upgrading?

Gomvents




msg:3681184
 3:46 am on Jun 23, 2008 (gmt 0)

"...the blog post did say this vulnerability, which also affects Firefox 2..."

I'd say upgrade now, I already did and it's great.

seems the vulnerability is the same in FF2 and 3 anyways...

eriky




msg:3681282
 8:47 am on Jun 23, 2008 (gmt 0)

If it requires user interaction it's probably something that won't happen to an experienced web surfer anyway. Just another company that wants some attention at the cost of the reputation of another. Why would they release such information now instead of before the release? The betas and release candidates have been out for months..

maximillianos




msg:3681412
 1:26 pm on Jun 23, 2008 (gmt 0)

Microsoft is playing dirty! Oh, I guess that does not surprise any of us... ;-)

SEOMike




msg:3681507
 2:44 pm on Jun 23, 2008 (gmt 0)

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.

Why? It makes sense to pay someone skilled to evaluate software to find a vulnerability.

zafile




msg:3681878
 9:28 pm on Jun 23, 2008 (gmt 0)

"Microsoft is playing dirty!"

Right, as it did in 1999 when it run the SMP Mindcraft tests against Linux.

This new fiasco is only Mozilla's fault.

whoisgregg




msg:3682611
 6:13 pm on Jun 24, 2008 (gmt 0)

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.

Why? It makes sense to pay someone skilled to evaluate software to find a vulnerability.

I imagine the issue here is that it's an independent company paying third parties to find vulnerabilities.

It's a bit like your neighbor paying a locksmith to check if you locked all your windows and doors and, if they find one that's open, to rummage around your house to see if you left any valuables laying around.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved