discussions of various subjects - emphasis on food and recipes, travel, art, gardening

=,=`==ivy==`=,=

forum guidelines . eyeglasses  disclaimer - read me . recipes from our kitchen . blog from our kitchen 

how to put a Webster's Online Dictionary search box on your site


etherwork.net
discussions of various subjects - emphasis on food and recipes, travel, art, gardening
 
Register Log in Log in to check your private messages FAQ Memberlist Search Usergroups etherwork.net Forum Index

Security Advisory for Mozilla

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    etherwork.net Forum Index » anything and everything (within reason) - archive
View previous topic :: View next topic  
Author Message
llizard (aka ejm)
Administrator


Joined: 06 Oct 2004
Posts: 548
Location: Canada

Slogan:

Come to Life. Come to Laziness.

PostPosted: Tue 03 May, 2005 6:23 am    Post subject: Security Advisory for Mozilla Reply with quote

Exclamation edit 9May2005: new security advisory for Firefox 1.0.3 Exclamation


This affects NS7 and Firefox 1.0.2 and below.


Networksecurity.fi Security Advisory (29-04-2005) wrote:
A new remote type vulnerability has been reported in Netscape, which can be exploited by malicious people to compromise a user's system.

It is recommended to use another web browser (Firefox 1.0.3 is not affected). If this is not possible, the following workaround is provided by the researcher:

Workaround:
Disable JavaScript:
Edit / Preferences... / Advanced / Scripts & Plugins: remove selection from 'Navigator'. Select 'OK' to save changes.

above excerpt from http://www.networksecurity.fi/advisories/netscape-dom.html

Note that Firefox 1.0.3 and Mozilla Suite 1.7.7 are unaffected.

Also see:
http://www.mozilla.org/security/announce/mfsa2005-41.html




Last edited by llizard (aka ejm) on Mon 01 Aug, 2005 4:59 pm; edited 5 times in total
Back to top
View user's profile Send private message
Mats
registered


Joined: 14 Oct 2004
Posts: 503
Location: Toronto, Canada

PostPosted: Tue 03 May, 2005 11:00 am    Post subject: Thanks Reply with quote

Thanks lizard; I had not updated Firefox since 1.0.


Back to top
View user's profile Send private message Send e-mail
llizard (aka ejm)
Administrator


Joined: 06 Oct 2004
Posts: 548
Location: Canada

Slogan:

Come to Life. Come to Laziness.

PostPosted: Mon 09 May, 2005 3:16 pm    Post subject: 9 May 2005 Yet another security warning for Mozilla! Reply with quote

Yet another security warning for Mozilla:

This affects Firefox 1.0.3 and below

Mozilla Foundation Security Advisory wrote:
May 9, 2005

Users who have added other extension or theme sites to the software installation whitelist should remove them until a fixed version of Firefox is available.

1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Click the "Allowed Sites" button on the same line as the "Allow web sites to install software" checkbox
4. Click the "Remove All Sites" button
5. Click "OK"
[...]
To prevent the script injection exploit from stealing cookies or other sensitive data disable Javascript before visiting untrustworthy sites.

http://www.mozilla.org/security/announce/mfsa2005-42.html

Secunia Advisories wrote:
Software: Mozilla Firefox 1.x
NOTE: Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.

Solution:
1) Disable JavaScript.

2) Disable software installation: Options --> Web Features --> "Allow web sites to install software"

NOTE: A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of vulnerability 1 and 2 to execute arbitrary code in the default settings of Firefox.

http://secunia.com/advisories/15292/


Back to top
View user's profile Send private message
Mats
registered


Joined: 14 Oct 2004
Posts: 503
Location: Toronto, Canada

PostPosted: Thu 21 Jul, 2005 9:58 am    Post subject: Firefox Updates Reply with quote

I guess computer crime increases in proportion to the popularity of any one product. With Firefox now being used by 8% of users, it is increasingly attractive to attack. I would advise those who use Firefox to keep abreast of the new releases. I just installed the latest 1.0.6.


Back to top
View user's profile Send private message Send e-mail
llizard (aka ejm)
Administrator


Joined: 06 Oct 2004
Posts: 548
Location: Canada

Slogan:

Come to Life. Come to Laziness.

PostPosted: Thu 21 Jul, 2005 6:05 pm    Post subject: Re: Firefox Updates Reply with quote

MEF wrote:
I guess computer crime increases in proportion to the popularity of any one product. With Firefox now being used by 8% of users, it is increasingly attractive to attack. I would advise those who use Firefox to keep abreast of the new releases. I just installed the latest 1.0.6.


1.0.6 is released now? I was just yesterday in the Firefox forums reading about people's difficulties with 1.0.5. The consensus was to wait for 1.0.6 if you had 1.0.4 installed (I do).

So... any problems with 1.0.6, MEF?


Back to top
View user's profile Send private message
Mats
registered


Joined: 14 Oct 2004
Posts: 503
Location: Toronto, Canada

PostPosted: Tue 26 Jul, 2005 9:00 am    Post subject: Firefox 1.0.6 Reply with quote

The latest version of Firefox is working just fine.


Back to top
View user's profile Send private message Send e-mail
llizard (aka ejm)
Administrator


Joined: 06 Oct 2004
Posts: 548
Location: Canada

Slogan:

Come to Life. Come to Laziness.

PostPosted: Mon 01 Aug, 2005 5:00 pm    Post subject: Firefox 1.0.6 Reply with quote

Downloaded and installed Firefox 1.0.6 today. As MEF has already reported, it is working just fine.


Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.#phpforum   This topic is locked: you cannot edit posts or make replies.    etherwork.net Forum Index » anything and everything (within reason) - archive All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001- 2004, 2006 phpBB Group
Theme created by phpBBStyles.com | Themes Database

-,-`--ivy--`-,------

                      *
                     *
                    []
                    ||
      *          *  ||*
    *          *  *|  |
        *__    _*_ |__|
        \*/    \*/ | *|
ejm      Y      Y  |__|   =(}
        _|_    _|_


Webster's Online Dictionary
with Multilingual Thesaurus Translation

English Non-English

HTML coding for the Online Dictionary search box