Unpatched Firefox flaw may expose users
news.com.com — A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.
- paintist, on 10/12/2007, -0/+0 Why doesn't this security researcher give this news to Firefox devs BEFORE they released 1.5?
- strangnet, on 10/12/2007, -0/+0 Just disable IDN in about:config and Firefox won't be affected by the vulnerability.
- snyy, on 10/12/2007, -0/+0 not too worried, will be patched soon enough
- TigerClaw, on 10/12/2007, -0/+0 Or don't install the 1.5 beta until they released an official version with the fix.
- KNon, on 10/12/2007, -0/+0 Wow, never seen this one coming.
- j@ckle, on 10/12/2007, -0/+0 I thought this was to be disabled by default after IE was blamed for the same thing. Like strangnet said...just go to about:config and set 'network.enableIDN' to 'false'.
- volcompimp, on 10/12/2007, -0/+0 At least we're not using IE...
- hoovernj, on 10/12/2007, -0/+0 Here's a link to the exploit: http://www.milw0rm.com/id.php?id=1204
- Voide, on 10/12/2007, -3/+0 There's probably tons more security holes in Firefox, but you guys wouldn't know since you're too busy bitching about IE.
Just tap your heels five times really fast and repeat - 'Every Browser Has Its Flaws'
- doofus, on 10/12/2007, -1/+1 Lies, all lies. Firefox is flawless and you know it.
- Software2, on 10/12/2007, -3/+0 Woo! Freaking fanboys have to shut up for a few minutes now!
Mac has viruses, linux crashes, firefox is insecure. LIVE WITH IT.
- Coffee33, on 10/12/2007, -1/+1 Nothing is perfect but firefox is a hell of a lot better than all the other browsers I have used in the past and I plan to stick with it until something better comes along.
http://www.geek2us.net
Coffee
- chilimonkey, on 10/12/2007, -0/+1 Voide actually I do know,
I think I'd choose Firefox's 22 all-time vulnerabilities to IE's 85.
IE 6.1 : http://secunia.com/product/11/
Firefox 1.x : http://secunia.com/product/4227/
- sneakerelph, on 10/12/2007, -0/+0 and i suppose you use windows and IE too? you're A LOT more vulnerable than we are.
- Schrade, on 10/12/2007, -0/+3 To work around this bug, just do the following:
1) Go to your address bar and type about:config and hit enter
2) In the Filter bar type network.en. It will then filter all the settings to only show a couple of them.
3) In the area where the settings are, change network.enableIDN from TRUE to FALSE. All you need to do is double click on it to toggle it. I repeat: Change it from true to FALSE.
You're patched. All done.
- eclectro, on 10/12/2007, -0/+0 ^^thanks.
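A way to confirm that the about:config workaround described in the comments above has actually been saved in a profile, as an added example that is not part of the original thread. Firefox writes changed preferences to the profile's prefs.js as user_pref(...) lines, and a user.js file in the same directory is applied on top of it at start-up; the sample file contents are constructed, and treating a missing entry as "enabled" is an assumption taken from the TRUE default the comment describes.

```python
import re

PREF = "network.enableIDN"  # preference named in the thread
# Matches e.g.: user_pref("network.enableIDN", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;')

def read_pref(text, name=PREF):
    """Return the raw value of the last user_pref() line for name, or None."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)  # commented-out lines do not match
        if m and m.group(1) == name:
            value = m.group(2)  # later lines override earlier ones
    return value

def idn_workaround_status(prefs_js, user_js=""):
    """Return 'applied', 'not applied' or 'unexpected value' for a profile."""
    raw = read_pref(user_js)  # user.js is applied on top of prefs.js at start-up
    if raw is None:
        raw = read_pref(prefs_js)
    if raw is None or raw == "true":
        return "not applied"  # assumption: an absent entry means the default, TRUE
    if raw == "false":
        return "applied"
    return "unexpected value"

# Constructed sample file contents, not taken from a real profile.
SAMPLE_PATCHED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.enableIDN", false);
'''
SAMPLE_COMMENTED = '// user_pref("network.enableIDN", false);\n'
SAMPLE_USER_JS_REVERTS = 'user_pref("network.enableIDN", true);\n'

if __name__ == "__main__":
    print(idn_workaround_status(SAMPLE_PATCHED))
    print(idn_workaround_status(SAMPLE_COMMENTED))
    print(idn_workaround_status(SAMPLE_PATCHED, SAMPLE_USER_JS_REVERTS))
```

The third case shows why checking prefs.js alone is not enough: a leftover user.js entry silently re-enables IDN on the next start.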
- Iccanui, on 10/12/2007, -1/+0 Of course they all have flaws. The question is, you want a company that truly cares and focuses on security and usability and is proactive in supporting an industry standard for platforms such as flash, shockwave, java, php and pretty much anything out on the net. MS tries to force you to do things their way, so you have to be locked into them and are screwed otherwise, while FF listens to the community and the developers of said platforms and works to better its interaction with them.
Firefox is superior in the following ways :
1. Its recognition of bugs which it not only finds itself but are submitted by the community. It's open source at its finest.
2. In recognition of a bug or exploit, upon an efficient verification of said bug/exploit, a patch is released and the situation is resolved.
3. Due to 1 and 2, it's a much more secure browser, making it safer to use, which is why the US government has moved to not only support its usage on their sites, but in many sectors have switched to it for added security.
4. The functionality through tabbed browsing and extensions puts IE to the dirt. You can't deny that the integration of the extensions and the wide variety of them can't be challenged.
5. It's open source. If you can't understand why open source is good, I'll be happy to break it down in detail.
I could probably come up with many more, but I have ADD and I'm done.
Long live FF and open source.
- Voide, on 10/12/2007, -1/+1 Chillimonkey, I'm not going to talk just to you, but most people that protest this in the "Firefox vs. IE" battle.
Internet Explorer isn't as secure, because IT'S 5 YEARS OLD. Let Firefox age 5 years, and it'd have just as much, if not more, security holes as Internet Explorer has.
You can't expect a 5 year old piece of software, even with the patches Microsoft releases, to be bug-less. Which, yes, Microsoft has dropped the ball on, not only IE, but on the Windows operating system. It's unacceptable that it's taken them 5 years (and counting) to come out with a new operating system and browser.
Either way, IE7's coming out soon. I've had the chance of using it for 1-2 months, and it has some nice changes.
And, listen, I have no problem with OTHER PEOPLE using Firefox, but when I'm insulted by Firefox users for using Internet Explorer (in the past, not now), I start to take some vigilantly justice.
- Voide, on 10/12/2007, -0/+0 iccanui, the only thing I can say is, Mozilla's able to respond so fast to bugs because browsers are "what they do." Microsoft has a bunch of other crap to worry about. Microsoft is a huge company, and cant focus solely on a bowser.
...can't say much more than that.
- notkevin, on 10/12/2007, -0/+1 All software with large code bases has bugs. A lot of those bugs will lead to security vulnerabilities. An open source and a closed source development model will probably have the same amount of security problems. The best thing anyone can do is keep up to date with patches and practice safe browsing.
- tempusrob, on 10/12/2007, -0/+0 voide: "Microsoft is a huge company, and cant focus solely on a bowser."
They have a browser development team...
- mu-sly, on 10/12/2007, -1/+0 @voide: "Let Firefox age 5 years, and it'd have just as much, if not more, security holes as Internet Explorer has."
Utter, utter *****! The only reason IE has been left to stagnate for five years is because MS didn't give a crap about anything except winning the browser war. Once it was won, that was it, they didn't care any more. FF will not get left to stagnate for five years, because the people behind FF are interested in making the best software, not having the commercial advantage for maximum financial gain. So, the scenario you are trying to use to prove your point is completely unlikely, and will never exist.
"Either way, IE7's coming out soon. I've had the chance of using it for 1-2 months, and it has some nice changes."
Yet it will still be an utter piece of crap that is years behind the competition, not just on features, but on standards support too. Oh, and all you people running Windows older than XP can go to hell, because you can't run it. Really, as if you were in need of yet *another* reason not to use a browser tied into your OS!? What a ***** joke.
"I start to take some vigilantly justice."
Really? Well it's too bad you didn't learn to spell, buttmunch. The thought of your "vigilantly" justice has me *really* ***** my pants.
- Pooavenger, on 10/12/2007, -0/+0 isn't that what all flaws do....
- FyberOptic, on 10/12/2007, -0/+0 And Opera still retains its record for least flaws ever.
- joe_mama, on 10/12/2007, -1/+0 Same flaw has happened to IE long time ago, and fireFOX developers made the same mistake. Can you say "dumb ass"?
- rousehouse, on 10/12/2007, -0/+0 LOL... let's start the clock and see how long it takes to fix.
And now, for the requisite fanboy arguments: As a result of this digg news, I will conclude that FireFox is awesome/sucks, IE rocks/blows, Opera rules/drools/is not relevant/can toast a bagel using BitTorrent. ;-)
- Agret, on 10/12/2007, -0/+0 "And Opera still retains its record for least flaws ever."
You mean people actually use Opera? Damn I'd better start exploiting that 0.001% of people on the net!
- strangnet, on 10/12/2007, -0/+0 "Most people have ZERO problems with windows and IE".
Do you have any figures backing that up? How is it that everyone I've introduced to Firefox or Opera love it and won't turn back? Why is it that everyone with spyware problems and hijack problems have been using IE?
Tell me why a browser that doesn't follow standards and work against a web that is accessible to everyone can even be considered as good?
- Phatlip12, on 10/12/2007, -0/+0 Latest news...
http://news.com.com/Mozilla+offers+temporary+fix+for+Firefox+flaw/2100-1002_3-5857511.html?part=rss&tag=5857511&subj=news
- Optimus, on 10/12/2007, -0/+0 jkfan87 again.. Die man, die. You're so angry it's sick. Everything you spewed about people is 100% true of you. Freudian Projection to the max.
- Voide, on 10/12/2007, -0/+0 You people wouldn't have problems using Internet Explorer if you stayed off the gay porn...
- Voide, on 10/12/2007, -0/+0 mu-sly - I'm using a laptop keyboard, when I was getting used to a regular desktop keyboard, and my fingers hit the wrong buttons sometimes, and I don't double check my comments.
If the only thing you can do to defend yourself is to point out spelling errors, get a life...
- mu-sly, on 10/12/2007, -0/+0 @voide: No, I pointed out that your pro-IE arguments don't make sense because they cannot be applied to a non-commercial product. Furthermore, the "of course it's crap because it's 5 years old" apologetic logic is also moot - it's MS's fault if they don't update their stuff, of course it will be superseded by newer products!
I also pointed out that you appear to be a dumbass, and I'm doing it again now. If you don't double check your comments and want to look like a fool, it's not my problem. If your typing is as good as your reasoning abilities and knowledge of web browsers, perhaps you'd like to go away and learn a few things before spouting your clueless views? (Or, spout them, and expect rebuttals.)
Sure, there are some reasons for using IE, as there are reasons that FF also suffers from security problems, but the points you make in defense of IE are extremely weak. The fact that you misspelled your troll (tell me, how did you accidentally hit "ly" when you needed "e"...?) just adds to the hilarity!
The reason I have taken you to pieces is because not only are you making incredibly weak arguments in support of IE, but you're making idiotic, misspelled, trollish word-threats to total strangers on a tech news website! In case you didn't notice, this article is about Firefox! You're telling me to get a life?
- mancat, on 10/12/2007, -0/+0 "How is it that everyone I've introduced to Firefox or Opera love it and won't turn back?"
Maybe that's just what they tell you, so that they won't have to sit through another five minute lecture on a bunch of computery gibberish that they don't give a crap about. Be glad that your friends value your feelings well enough to humor you when it's necessary.
- strangnet, on 10/12/2007, -0/+0 "Maybe that's just what they tell you, so that they won't have to sit through another five minute lecture on a bunch of computery gibberish that they don't give a crap about. Be glad that your friends value your feelings well enough to humor you when it's necessary."
Well, I don't know what kind of friends you associate yourself with, but mine are honest and say what they feel and aren't afraid to discuss things. Too bad for you, then...
It's not computer gibberish to enhance the web browsing and give back the control to the user. But, hey, if you think that IE is so much better then I won't stop you - but please don't whine because there are others who have the privilege to use a web browser instead of a file browser with web interface rid with bugs and that ain't compatible with web standards.
- mroy, on 10/12/2007, -0/+0 It doesn't matter what software, browser, or OS you're using, it's going to have flaws, vulnerabilities and holes, because even the best programmers aren't perfect and can't foresee all the problems that may come up. The big oversights only come out of the woodworks when enough people start using it that it becomes a good target for attacks. I'm sick of hearing people say that other OS's and other browsers are more perfect to use because you won't get attacked & have other problems. Truth is, it's only a matter of time. The bigger the user base, the bigger the target, the more fun for the exploiters to find ways to exploit.