| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Mozilla fixes 'critical' flaws | |
|
||
| Time: 07:41 EST/12:41 GMT | News Source: News.com | Posted By: Jonathan Tigner | ||
|
Mozilla has released updates for its Firefox browser, Thunderbird e-mail application and the SeaMonkey application suite to fix "critical" security vulnerabilities. The vulnerabilities affect 1.5 versions of Firefox and Thunderbird as well as version 1 of the SeaMonkey suite, Mozilla said in its security advisories. The bugs do not affect Firefox 2.0, the latest version of the browser released late last month. Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, deem the issues "highly critical" and "critical," respectively. People who use vulnerable versions of the Mozilla products are urged to upgrade to the fixed versions, both companies said. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 321 Last | Next |
The time now is
11:29:19 AM
ET.
Any comment problems? E-mail us |
| #1 By 3653 (68.52.143.149) at 11/9/2006 9:23:04 AM |
| its like reliving the same day over and over again. |
| #2 By 2960 (68.101.39.180) at 11/9/2006 11:16:59 AM |
|
Yeah, in stereo. FireFox and IE.
Problem is, the volume is much louder in the right ear. TL |
| #3 By 32132 (142.32.208.231) at 11/9/2006 11:33:43 AM |
|
Right Ear = 3 CRITICAL (own your box) security holes for Firefox
Left Ear = A little bit of URL spoofing for IE |
| #4 By 37047 (216.191.227.68) at 11/9/2006 1:34:17 PM |
|
The important part of this announcement:
"The bugs do not affect Firefox 2.0, the latest version of the browser released late last month." |
| #5 By 32132 (142.32.208.231) at 11/9/2006 2:21:27 PM |
| #4 is Firefox 2.0 an automatic update like IE7, or voluntary? |
| #6 By 7390 (71.125.38.82) at 11/9/2006 2:24:03 PM |
|
all lies, only microsoft products contain bugs
and apple in invented the .mp3 player |
| #7 By 2960 (68.101.39.180) at 11/9/2006 3:53:10 PM |
|
Parkker,
Why is it on FireFox days, you're ready to rock. When it's an IE day, you can hardly be found, unless you can find a way to work FireFox into the conversation. TL |
| #8 By 2960 (68.101.39.180) at 11/9/2006 4:00:37 PM |
|
I am in the middle of removing over 40 Spyware Packages from a users computer. Her computer was clean until she did a search in Google, and clicked on a link.
She then got hit with a drive-by install of epic proportions. I don't care what you guys say. Like IE or not. This shit just does NOT happen with FireFox. Period. TL |
| #9 By 32132 (142.32.208.231) at 11/9/2006 5:17:51 PM |
|
#7 It only seems that way. The count is something like 34 to 6/9 for critical vulnerabilities this year. (34 for Firefox)
#8 Which version of IE? IS it XP SP2 patched and up to date? Popup blocker on? Anti-virus? Is she an Admin/Power User/User? Are you limiting IE's Admin tokens via psexec or the registry? |
| #10 By 2960 (68.101.39.180) at 11/9/2006 5:19:00 PM |
|
SP2 and yes it's all on.
None of that stops drive-by installs. I'm STILL working on the same flippin' call. TL |
| #11 By 32132 (142.32.208.231) at 11/9/2006 5:22:04 PM |
|
#10 Is she an Admin/Power User/User?
Are you limiting IE's Admin tokens via psexec or the registry? (Edit: The only reason I am harping on it is that the only infested machines I've seen are laptops where we have stupidly allowed the user to be Admin so they can install stuff "on the road" Otherwise they are all "Power Users") This post was edited by NotParker on Thursday, November 09, 2006 at 17:24. |
| #12 By 2960 (68.101.39.180) at 11/9/2006 5:25:29 PM |
|
Guys, I want to make someting clear here. I am NOT an IE hater. I use it all day long.
However whenever I see these STOOPID comparisons between IE and FireFox it just sets me free. IE has a horrific problem with drive-by spyware installs. No one on this planet can tell me this does not exist because a) it's fully documented and proven by now and b) I spend 40% of my time removing this crap from users computers, and the vast majority of them are drive-by installs. Not installing adware, not installing freeware, not the user installing other software. It comes from DRIVE-BY INSTALLS. This is a MAJOR design failure in IE that I am still not convinced is fixed in IE7 (we'll see - IE7 is not approved for our corporate machines at this time). I like IE (well, maybe not IE7. We'll see). I am NOT a FireFox drum-banger, except over this one issue (Drive-By Installs). It just does NOT happen with FireFox. It doesn't help that I'm in a really pissy mood right now over this machine and it's now close to 60 malware package installs, all from ONE single drive-by install. And why do people use the Yieldmanager.com ad service? According to my Spyware Doctor reports, this service is pumping out adware/spyware install attempts CONSTANTLY. I would not connect to the net without Spyware Doctor installed. FWIW. Back to my misery :) TL |
| #13 By 32132 (142.32.208.231) at 11/9/2006 5:53:15 PM |
|
#12 Again, because I have a direct knowledge of 400 desktops since we put our XP image on them 4 years ago, I will repeat myself.
No drive by installs with users as "Power Users" and McAfee. Some of the machines have Defender on them (but not a majority - we need a new image). Yes, drive by installs (well ... some malware infestation) with a few laptops configured with the user as Administrator. |
| #14 By 2960 (68.101.39.180) at 11/9/2006 6:46:51 PM |
|
Just finished. 2 hours and 40 minutes of my life wasted to these creepy bastards.
BTW... I take care of some 7000 out of 19,000. TL This post was edited by TechLarry on Thursday, November 09, 2006 at 18:48. |
| #15 By 32132 (64.180.219.241) at 11/9/2006 7:59:24 PM |
|
BTW: We have another 2500 or so in the schools, but we use DeepFreeze on them so it isn't quite the same.
I'm still asking: Administrator or Power User? Which anti-virus? Defender? |
| #16 By 2960 (68.101.39.180) at 11/10/2006 8:37:13 PM |
|
Admin. It's not my call.
That doesn't detract from the fact that IE is THE portal for Spyware on PC's due to drive-by installs. AntiVirus is Symantec Corporate. It is what it is. I just support it :) TL |
| #17 By 23275 (68.17.42.38) at 11/11/2006 5:03:17 PM |
|
#16, TL, even if as a policy your firm will not let you use Group Policies and the GPOM properly, what about edge and perimeter devices - has your CITO, for example, been able to sell in on the idea of using edge and perimerter devices, and or a server like ISA 2006 and third party filters to scan at the edge of your network(s)? They can be a very inexpensive way to add to defenses [in depth], and reduce the isntances of such installations.
BTW, it isn't IE per se' - it is its native support for COM/DCOM, etc... and distributed object models/support in Mozilla browsers is just as prevelant - Java RMI, for example... so it isn't design at all - it is a combination of two things [the number and types of malicious code authoris out there hitting IE and in your case, a management team that won't support proper administration of clients]. The entire mess you are dealing with is so very easily addressed - perhaps you could research options for them and suggest what they could do. |
| #18 By 3653 (68.52.143.149) at 11/12/2006 2:06:21 AM |
|
verdict - POOR MANAGEMENT
perhaps its not YOUR fault techlarry. maybe you're a victim of upper-levels forcing certain settings. Regardless, its hard for me to connect your dots, from 1) inability to propertly secure the machine to 2) IE is to blame. I'm ultimately responsible for ~500 desktops/laptops (my primary responsiblity is our ASP business, so servers). We simply do not have the problems you describe. We have Symantec installed, but quite frankly it isn't that useful. We TEACH our laptop users (what a nice term for salespeople. ha) that if they click through the three to six WARNING screens and manage to get infected... then they are at fault. That mantra is brought home to them when those issues show up on their performance reviews. Hey, if they cost us $1k in service work, then they should be held accountable. Also, users graduate to the ability to INSTALL software. They earn that right, frankly. Am I hated for this policy? Probably. Does it work? Definitely. This post was edited by mooresa56 on Sunday, November 12, 2006 at 02:12. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 321 Last | Next |
The time now is
11:29:19 AM
ET.
Any comment problems? E-mail us |
