homepage Welcome to WebmasterWorld Guest from 54.161.246.212
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
Firefox - Zero day exploit on Nobel Peace Prize website
This one is dangerous says Mozilla
tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4222522 posted 12:47 am on Oct 27, 2010 (gmt 0)

Install NoScript or turn Javascript off for this site (and possibly others)...

Malicious hackers have exploited an unpatched vulnerability in the latest version of Firefox to attack people visiting the Nobel Peace Prize website, a Norway-based security firm said on Tuesday.

Mozilla representatives confirmed a "critical vulnerability" in versions 3.5 and 3.6 of the open-source browser. It came several hours after the organization members were said to have made the same admission on this password-protected Bugzilla page.

According to Einar Oftedal, a detection executive at Norman ASA in Oslo, the official website for the Nobel Peace prize, nobelpeaceprize . org, was compromised so that it contained an iframe link to a malicious server.

[theregister.co.uk...]

 

Sgt_Kickaxe

WebmasterWorld Senior Member sgt_kickaxe us a WebmasterWorld Top Contributor of All Time



 
Msg#: 4222522 posted 2:49 am on Oct 27, 2010 (gmt 0)

Turn javascript off... and kiss adsense earnings goodbye too.

Javascript is getting some bad press of late, time to write an "if javascript turned off do such and such" script so your site doesn't lose ad revenue. I'm already seeing near 10% of my traffic having javascript off this month, according to analytics, but I don't know how much of that 10% is bots etc. 10% is already a lot.

edit: Link to incredibill post on "noscript" to avoid earnings loss related to having javascript turned off - [forums.searchenginewatch.com...]

[edited by: Sgt_Kickaxe at 3:00 am (utc) on Oct 27, 2010]

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4222522 posted 2:57 am on Oct 27, 2010 (gmt 0)

Turn java off

ahem...it's JavaScript, not Java. They are two very different things that unfortunately have similar names.

yaix2

5+ Year Member



 
Msg#: 4222522 posted 8:02 am on Oct 27, 2010 (gmt 0)

"...vulnerability in Firefox to force end users to install malware ... The Windows executable was created on Sunday..."

Looks like its only Javascript on FF on Windows?

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4222522 posted 8:14 am on Oct 27, 2010 (gmt 0)

Turn java off


ahem...it's JavaScript, not Java. They are two very different things that unfortunately have similar names.


bill... nobody is talking about Java!

Heck, nobody even has to have that installed! (I don't, for example)...

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4222522 posted 9:13 am on Oct 27, 2010 (gmt 0)

bill... nobody is talking about Java!

Sgt_Kickaxe edited his post. It was quite different before. ;)

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4222522 posted 9:51 am on Oct 27, 2010 (gmt 0)

bill...

Apologies! (knew you knew better, shoulda kept mouth shut etc. ...)

Now I have egg on face! Thanks!

Somebody throw me a towel... or some Tabasco...

r4bet

5+ Year Member



 
Msg#: 4222522 posted 10:32 am on Oct 27, 2010 (gmt 0)

China -.-

SEOVisits

5+ Year Member



 
Msg#: 4222522 posted 5:44 pm on Oct 27, 2010 (gmt 0)

The catch 22 is NoScript is one of the few ways to stay protected on the web.

Hugene

10+ Year Member



 
Msg#: 4222522 posted 7:07 pm on Oct 27, 2010 (gmt 0)

Agreed r4bet, chances are China is behind this. Hilarious in a sickening way.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4222522 posted 7:13 am on Oct 28, 2010 (gmt 0)

china

maybe related to liu xiaobo?

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4222522 posted 11:58 pm on Oct 28, 2010 (gmt 0)

I think FF has issued a patch... there was something that came through early morning/last night, but dang it I was tired and not paying attention when I clicked RESTART FIREFOX FOR UPDATES... Will go take a look, but if anyone has that info, please post... The Mozilla guys seem to take these exploit things very seriously.

tedster

WebmasterWorld Senior Member tedster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4222522 posted 12:21 am on Oct 29, 2010 (gmt 0)

They did fix a critical 0-day exploit in the just released version 3.6.12 - not sure if it is THE 0-day exploit or not, but I think so.

Fixed in Firefox 3.6.12
MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion

[mozilla.org...]


https://bugzilla.mozilla.org/show_bug.cgi?id=607222 has the Bug Report from 2010-10-25

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved