Firefox 3 suffers its first vulnerability -cnet

cnet news item

     
11:32 pm on Jun 18, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 7, 2005
posts:65
votes: 0


Less than one day after its launch, Firefox 3 has a vulnerability.

According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.

"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team," said a representative.

Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.

Mozilla is reported to be working on a fix.

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.


source: [news.cnet.com]

8:17 am on June 19, 2008 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14470
votes: 49


Worth waiting for a patch on this one before upgrading?
3:46 am on June 23, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:May 30, 2005
posts:430
votes: 0


"...the blog post did say this vulnerability, which also affects Firefox 2..."

I'd say upgrade now, I already did and it's great.

seems the vulnerability is the same in FF2 and 3 anyways...

8:47 am on June 23, 2008 (gmt 0)

New User

10+ Year Member

joined:Aug 26, 2003
posts:23
votes: 0


If it requires user interaction it's probably something that won't happen to an experienced web surfer anyway. Just another company that wants some attention at the cost of the reputation of another. Why would they release such information now instead of before the release? The betas and release candidates have been out for months..
1:26 pm on June 23, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


Microsoft is playing dirty! Oh, I guess that does not surprise any of us... ;-)
2:44 pm on June 23, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2003
posts:1281
votes: 0


"The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities."

Why? It makes sense to pay someone skilled to evaluate software to find a vulnerability.
9:28 pm on June 23, 2008 (gmt 0)

Preferred Member

joined:June 2, 2003
posts:376
votes: 0


"Microsoft is playing dirty!"

Right, as it did in 1999 when it ran the SMP Mindcraft tests against Linux.

This new fiasco is only Mozilla's fault.

6:13 pm on June 24, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 9, 2003
posts:3416
votes: 0


"The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities."

"Why? It makes sense to pay someone skilled to evaluate software to find a vulnerability."

I imagine the issue here is that it's an independent company paying third parties to find vulnerabilities.

It's a bit like your neighbor paying a locksmith to check if you locked all your windows and doors and, if they find one that's open, to rummage around your house to see if you left any valuables lying around.

 
