homepage Welcome to WebmasterWorld Guest from 107.22.70.215
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
Firefox - Zero day exploit on Nobel Peace Prize website
This one is dangerous says Mozilla
tangor




msg:4222524
 12:47 am on Oct 27, 2010 (gmt 0)

Install NoScript or turn Javascript off for this site (and possibly others)...

Malicious hackers have exploited an unpatched vulnerability in the latest version of Firefox to attack people visiting the Nobel Peace Prize website, a Norway-based security firm said on Tuesday.

Mozilla representatives confirmed a "critical vulnerability" in versions 3.5 and 3.6 of the open-source browser. It came several hours after the organization members were said to have made the same admission on this password-protected Bugzilla page.

According to Einar Oftedal, a detection executive at Norman ASA in Oslo, the official website for the Nobel Peace prize, nobelpeaceprize . org, was compromised so that it contained an iframe link to a malicious server.

[theregister.co.uk...]

 

Sgt_Kickaxe




msg:4222560
 2:49 am on Oct 27, 2010 (gmt 0)

Turn javascript off... and kiss adsense earnings goodbye too.

Javascript is getting some bad press of late, time to write an "if javascript turned off do such and such" script so your site doesn't lose ad revenue. I'm already seeing near 10% of my traffic having javascript off this month, according to analytics, but I don't know how much of that 10% is bots etc. 10% is already a lot.

edit: Link to incredibill post on "noscript" to avoid earnings loss related to having javascript turned off - [forums.searchenginewatch.com...]

[edited by: Sgt_Kickaxe at 3:00 am (utc) on Oct 27, 2010]

bill




msg:4222562
 2:57 am on Oct 27, 2010 (gmt 0)

Turn java off

ahem...it's JavaScript, not Java. They are two very different things that unfortunately have similar names.

yaix2




msg:4222637
 8:02 am on Oct 27, 2010 (gmt 0)

"...vulnerability in Firefox to force end users to install malware ... The Windows executable was created on Sunday..."

Looks like its only Javascript on FF on Windows?

tangor




msg:4222641
 8:14 am on Oct 27, 2010 (gmt 0)

Turn java off


ahem...it's JavaScript, not Java. They are two very different things that unfortunately have similar names.


bill... nobody is talking about Java!

Heck, nobody even has to have that installed! (I don't, for example)...

bill




msg:4222663
 9:13 am on Oct 27, 2010 (gmt 0)

bill... nobody is talking about Java!

Sgt_Kickaxe edited his post. It was quite different before. ;)

tangor




msg:4222671
 9:51 am on Oct 27, 2010 (gmt 0)

bill...

Apologies! (knew you knew better, shoulda kept mouth shut etc. ...)

Now I have egg on face! Thanks!

Somebody throw me a towel... or some Tabasco...

r4bet




msg:4222681
 10:32 am on Oct 27, 2010 (gmt 0)

China -.-

SEOVisits




msg:4222893
 5:44 pm on Oct 27, 2010 (gmt 0)

The catch 22 is NoScript is one of the few ways to stay protected on the web.

Hugene




msg:4222927
 7:07 pm on Oct 27, 2010 (gmt 0)

Agreed r4bet, chances are China is behind this. Hilarious in a sickening way.

phranque




msg:4223213
 7:13 am on Oct 28, 2010 (gmt 0)

china

maybe related to liu xiaobo?

tangor




msg:4223645
 11:58 pm on Oct 28, 2010 (gmt 0)

I think FF has issued a patch... there was something that came through early morning/last night, but dang it I was tired and not paying attention when I clicked RESTART FIREFOX FOR UPDATES... Will go take a look, but if anyone has that info, please post... The Mozilla guys seem to take these exploit things very seriously.

tedster




msg:4223657
 12:21 am on Oct 29, 2010 (gmt 0)

They did fix a critical 0-day exploit in the just released version 3.6.12 - not sure if it is THE 0-day exploit or not, but I think so.

Fixed in Firefox 3.6.12
MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion

[mozilla.org...]


https://bugzilla.mozilla.org/show_bug.cgi?id=607222 has the Bug Report from 2010-10-25

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved