473,289 Members | 1,840 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,289 software developers and data experts.

Firefox 1.0.5 is available for upgrade

VK
<http://www.mozilla.org/>

Jul 23 '05 #1
7 1416


VK wrote:
<http://www.mozilla.org/>


Yes, I believe the Firefox 1.0.5 upgrade is mainly for security.
Firefox has had several recent security upgrades. I do not know of any
serious Firefox hacks so far, but hackers might soon take interest in
Firefox as some sites now report they receive over 20% Firefox hits.
Although hackers like to target Microsoft most, they will not pass up
others. For example, there are many Unix servers, and some hackers,
especially "the boys from Brazil", have defaced pages on many Unix
servers and worse.

Speaking of upgrades, one should also check any media players and media
programs they have installed from time to time. There have been
security updates for Real and others.

Jul 23 '05 #2
cwdjr wrote:
but hackers might soon take interest in Firefox as some sites now report they receive over 20% Firefox hits. Although >hackers like to target Microsoft most


You are correct. The only reason IE is hit on the most is simply
because of convenience. The truth is, no browser out there is truly
"secure". We just haven't heard much of security exploits on other
browsers mainly because they weren't popular. Now that FF is on the
rise, we'll probably see more attacks.

Jul 23 '05 #3
web.dev wrote:
cwdjr wrote:
but hackers might soon take interest in Firefox as some sites now report they receive over 20% Firefox hits. Although >hackers like to target Microsoft most


You are correct. The only reason IE is hit on the most is simply
because of convenience. The truth is, no browser out there is truly
"secure". We just haven't heard much of security exploits on other
browsers mainly because they weren't popular. Now that FF is on the
rise, we'll probably see more attacks.

Attacks are not a big worry for Firefox as yet, and they do seem to
remove the potential before anyone notices it enought to actually use
one of the "features" they have fixed.

What worries me most at the moment is the unfortunate habit 1.0.4 has of
producing the "URL redirection limit exceeded" error and blocking sites.
Does anyone know, offhand, is that is fixed in this upgrade?
Jul 23 '05 #4
"web.dev" <we********@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
cwdjr wrote:
but hackers might soon take interest in Firefox as some sites now
report they receive over 20% Firefox hits. Although >hackers like to
target Microsoft most


You are correct. The only reason IE is hit on the most is simply
because of convenience. The truth is, no browser out there is truly
"secure". We just haven't heard much of security exploits on other
browsers mainly because they weren't popular. Now that FF is on the
rise, we'll probably see more attacks.


Not to mention a lot of attacks consist of asking the user to perform a
task that is inherently dangerous (such as installing a plug-in to view
content - the dancing bunny problem: <url:
http://blogs.msdn.com/larryosterman/...12/438284.aspx />)

Up to a short time ago, all the Mozilla projects benefited from the fact
that they were (typically) only being used by well-informed,
technically-oriented individuals. As more non-technical laypeople
download and use alternative browsers, those browsers will be
"vulnerable" to this form of "attack" because the users are not informed
enough to avoid performing these dangerous tasks.

When a Web site asks the user to install a plug-in (ActiveX control or
Firefox Extension) to see the dancing bunnies, many people will do just
that, regardless of the dangers involved or the warnings provided.

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq
--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq
Jul 23 '05 #5
VK
> When a Web site asks the user to install a plug-in (ActiveX control or
Firefox Extension) to see the dancing bunnies, many people will do just
that, regardless of the dangers involved or the warnings provided.


So where the *browser* vulnerability here? If some user drop (s)he
security settings to zero, and then on a popup like "Very Cool soft.
Signed by Catch-Me-If-You-Can. Install?" press "Install": what a hey
Mozilla (or Microsoft) has to do with it? These are software company,
not mental clinics.

If some "bunnies" were *signed* by some real sertificate authority
(VerySign or Thawte), then it's again not a browser problem, but the
sertificate authority failed to check the company properly. The only
stone can be thrown to FF *only if* it doesn't have a revoked
sertificates check mechanics (IE has for sure). Because even
sertificate authorities are being cheated sometimes, specially VerySign
with its "3 class" delegated trust certificates. (You're giving it to a
reputable company, and someone pass it trough the 3 class to some
scum). But again, it has nothing to do with the browser vulnerability.
Vulbnarability is when you have all recommended (default or higher)
security settings and still being successfully attaked by a site
content.

Jul 23 '05 #6
"VK" <sc**********@yahoo.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
When a Web site asks the user to install a plug-in (ActiveX control
or
Firefox Extension) to see the dancing bunnies, many people will do
just
that, regardless of the dangers involved or the warnings provided.
So where the *browser* vulnerability here? If some user drop (s)he
security settings to zero, and then on a popup like "Very Cool soft.
Signed by Catch-Me-If-You-Can. Install?" press "Install": what a hey
Mozilla (or Microsoft) has to do with it? These are software company,
not mental clinics.


I think my post was self-explanatory. I never claimed this form of
attack was a result of a security vulnerability in the browser.
If some "bunnies" were *signed* by some real sertificate authority
(VerySign or Thawte), then it's again not a browser problem, but the
sertificate authority failed to check the company properly.
It is not the job of the certificate authority to validate the content
of what is being signed, only to ensure that it has not been modified in
transit.
The only
stone can be thrown to FF *only if* it doesn't have a revoked
sertificates check mechanics (IE has for sure).


I was not "throwing a stone" at Firefox (by the way, the preferred
abbreviation is "fx" or "Fx", not "FF" <url:
http://www.mozilla.org/products/fire...1.0.6.html#FAQ />), I
was pointing out that as Firefox gains market share, it will begin to
see more of the types of social-engineering (and other) attacks that are
seen against IE. And since the market share it is gaining are users who
are not as well informed as the users who have used Firefox in the past,
these types of attacks will be more successful.

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq
Jul 23 '05 #7
VK
> I was pointing out that as Firefox gains market share, it will begin to
see more of the types of social-engineering (and other) attacks that are
seen against IE. And since the market share it is gaining are users who
are not as well informed as the users who have used Firefox in the past,
these types of attacks will be more successful.


Sure they will. So far many wannabes were like in that old cowboy story
about Uncatchable Joe:

- Why is Jow so uncatchable?
- Because who the hell wants to catch him ?!

Some part of Linux, Macintosh, and Firefox security image is based on
this story, and yes they may have much more security fights in the
future.

Jul 23 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Geoff | last post by:
When trying to focus a field in Firefox, I get the following error: Error: " nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)" location: "JS frame ::...
45
by: Pat | last post by:
its seems asp.net validation doesn't fire when using FireFox? Tested a page and it doesn't fire. It seems the javascript doesn't fire Any ideas?
12
by: Brad | last post by:
Does anyone have any other solutions to the Firefox rendering problems with ASP.NET? I've tried the <browsercaps> web.config trick. It didn't work. Am I overlooking something else? Thanks!
4
by: lmarceglia | last post by:
Hi, I have this website that doesn't work in Firefox 1.5: www.pianetaluca.com The HTML source is: <TITLE>PianetaLuca</TITLE> </HEAD>
33
by: David Stone | last post by:
Been trying to specify text alignment within specific columns in an html 4 strict page. According to the w3c specs, <TABLE border="1"> <COLGROUP> <COL> <COL align="char" char=".">...
7
by: cwdjrxyz | last post by:
I just installed the new Firefox 2.0 browser without problems. This is a major upgrade, and you need to go to the Firefox site and read the release notes before you download it. There are a few...
2
alexphd
by: alexphd | last post by:
This code works in firefox perfectly, but in Internet Explorer it does not calculate the total correctly. Anybody know why? <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"...
4
by: comp.lang.php | last post by:
I wrote my own version of memory_get_usage() if that function is not available: if (!function_exists('memory_get_usage')) { /** * Determine the amount of memory you are allowed to have * *...
1
omerbutt
by: omerbutt | last post by:
hi i am making a intranet online test application for a school and for that i have to make a form for creating the test the logic is to select a subject and then the number of questions for that test...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.