| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Mozilla mulls Windows cursor flaw fix of its own | |
|
||
| Time: 18:10 EST/23:10 GMT | News Source: News.com | Posted By: Jonathan Tigner | ||
|
Mozilla is looking at delivering its own remedy for a Windows flaw that could let attackers commandeer a PC running the Microsoft operating system software. "The vulnerability is caused by a Windows error…it can be exploited through both Firefox and Internet Explorer," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement. "We are investigating issuing a workaround within Firefox in an upcoming security release." Mozilla coordinates Firefox development. The Firefox workaround could be welcome for those users who, for whatever reason, don't install Microsoft's fix. Some compatibility problems with the Microsoft update have been reported. "Microsoft has issued a patch to fix Windows and we encourage all Windows users to apply this update immediately," Schroepfer said. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 150 Last | Next |
The time now is
11:02:05 AM
ET.
Any comment problems? E-mail us |
| #1 By 32132 (142.32.208.231) at 4/4/2007 7:05:04 PM |
|
"Security experts at Determina, which reported the animated cursor flaw to Microsoft, have published a video that shows how a Vista PC can be compromised by exploiting the flaw and how Firefox users are at a higher risk than IE 7 users. "
Firefox and security ... the gift that keeps on giving. |
| #2 By 28801 (65.90.202.10) at 4/4/2007 8:06:33 PM |
|
This author is lame! The most important line in the story "Some compatibility problems with the Microsoft update have been reported. " goes completely unsubstantiated.
Sounds like Mozilla trying for some free publicity by foisting unnecessary changes on the public. |
| #3 By 20505 (216.102.144.11) at 4/4/2007 9:53:38 PM |
|
Let me get this straight. You gents are complaining about Firefox for an MS related security issue?
This does not make sense. If they (Mozilla) wish to improve their product how is this a bad thing? |
| #4 By 32132 (64.180.219.241) at 4/4/2007 10:00:51 PM |
| #3 I was applauding Microsoft for making IE7 safer than Firefox for web browsing. |
| #5 By 8556 (12.210.39.82) at 4/4/2007 11:22:46 PM |
|
Fixes of code may be never ending, as the bad guys are are more creative then the coders.
Firefox vs. IE7 issues should become passé. Think about if a car you are driving gets a flat tire. What will you do? Would you debate about whether a different brand or model might have prevented it or just change the tire and drive on. Considering this analogy drove me to use Virtual PC for browsing, with either browser. If you get hit with a drive-by attack that stops you in your tracks just “change the tire” and load a copy of the clean backup and you’re back to navigating the virtual highway in minutes. Why do we keep insisting that one bad browser is better than another when both are far from perfect? |
| #6 By 2459 (69.22.113.215) at 4/5/2007 12:49:52 AM |
|
rxcall, the compatibility issue the author is vaguely referencing is most likely with Realtek's HD audio control panel on XP. However MS detailed this issue in their bulletin and provided a download for the updated component.
http://support.microsoft.com/?kbid=925902 |
| #7 By 17996 (66.235.43.192) at 4/5/2007 2:34:43 AM |
|
#6 - Or, you can download the latest drivers from Realtek, released on 3/30/2007. This will prevent the problem as well. Looks like Microsoft told RealTek they had a bug in their software (found while testing the security update) and RealTek made a fix available.
(However, knowing that most people will blame Microsoft, Microsoft also made a hotfix that works around the problem in Realtek's software. But installing RealTek's fix would be the best.) |
| #8 By 23275 (24.179.4.158) at 4/5/2007 4:22:38 AM |
|
The reporting around this one is really poor. There are far more reasons to be encouraged than there are reasons to be alarmed, or disagree.
First up would be mitigations available to many users [not all, or enough, yet, but many]. Users running systems with NX, or zero execute bit features as found on about all systems built in the last two years would have hardware support for Data Execution Protection [DEP] - enabled by default since XP SP2 in Aug 2004. DEP prevents buffer overruns from allowing arbitrary code execution. Vista extends this, greatly. For Vista users, IE 7's protected mode and UAC would have prevented users from being harmed - in other words, just as advertised, Vista's more comprehensive approach to security, works. Second, and perhaps most importantly, the vulnerability was reported responsibly and it was acted upon - Microsoft's first response coming the same day the vulnerability was reported. Third the testing of the out-of-band ptch was so complete, that both a work around for a faulty RealTek driver and a hotfix were supplied for affected users. Fourth, going back many months, IE 7 developers, security researchers and developers from Mozilla/Firefox began to work together to better secure Windows users - with "Protected Mode" for Firefox being discussed and developed for future releases. Finally, once the story broke, Microsoft made the patch it had been working on for months, available a week ahead of schedule. If any of us should be pissed, we ought to be directing our anger at the criminals exploiting this and the press for causing us to jump through hoops and rush to push out a patch that we could have installed normally a week later. We should all be looking at how much better the entire process is working - fewer vulnerabilities overall, slower propagation of the exploits and well mitigated affects by virtue of increased and layered protections being available, and increased cooperation and joint development between competitors who appear to be at least as interested in the end user as they are in beating one another over the head. As an example of a serious vulnerability and how much better the response has been, the .ANI vuln should serve as reason to be encouraged and celebrated as an example that if we continue to work hard, we can stay ahead of the criminals trying to hurt all of us. |
| #9 By 13030 (198.22.121.110) at 4/5/2007 9:47:21 AM |
|
"Firefox users are at a higher risk than IE 7 users."
Great news: 2-3.5% of Windows users are safe! What about the rest? |
| #10 By 32132 (142.32.208.231) at 4/5/2007 4:09:07 PM |
| #9 Upgrading to Vista would be smart. |
| #11 By 2960 (24.254.95.224) at 4/5/2007 4:37:38 PM |
|
#1.
IT'S A WINDOWS BUG. If the system is patched, you cannot catch the ANI cold via FireFox. IT IS NOT A FIREFOX BUG. I'm sure that doesn't matter, but what the hell. TL |
|
Write Comment
Return to News |
Displaying 1 through 25 of 150 Last | Next |
The time now is
11:02:05 AM
ET.
Any comment problems? E-mail us |
