| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Researcher: Firefox vulnerable to ID spoofing | |
|
||
| Time: 12:45 EST/17:45 GMT | News Source: ZDNet | Posted By: Jonathan Tigner | ||
|
Firefox 2.0 has a vulnerability that can leave its users susceptible to an identity theft attack, according to Aviv Raff, a security researcher based in Israel. Raff outlined a bug in Firefox that allows spoofing and enables an attacker “to conduct phishing attacks, by tricking the user to believe that the authentication dialog box is from a trusted website.” The versions affected include Firefox v2.0.0.11 and prior versions. Ryan Naraine got a private demo of Raff’s work and noted that this attack is easy to fall for. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 170 Last | Next |
The time now is
3:27:03 AM
ET.
Any comment problems? E-mail us |
| #1 By 3653 (65.80.181.153) at 1/3/2008 8:50:52 PM |
| "a safer way to browse the web" |
| #2 By 37047 (99.241.37.218) at 1/3/2008 10:29:11 PM |
| #1: Yes, because Mozilla won't make us wait for some random "Patch Tuesday" for an update that fixes the problem. We will have a fix pushed out to us as soon as it is ready, and not held onto until the next official patch cycle. |
| #3 By 3653 (65.80.181.153) at 1/3/2008 10:57:53 PM |
|
"some random Patch Tuesday"
Is 'every second tuesday of the month' really so random? "We will have a fix pushed out to us as soon as it is ready" I'm reminded of those long lists of firefox bugs that notparker has shown us. "as soon as it is ready" too often means "never" in the firefox world. mystic, what company in their right mind would PREFER the haphazard mozilla patch scheduling (lack of) compared to a normal regular schedule (patch tuesday)? This post was edited by mooresa56 on Thursday, January 03, 2008 at 23:00. |
| #4 By 2960 (72.196.195.185) at 1/4/2008 7:59:18 AM |
|
I have YET to see a drive-by spyware install completed under FireFox.
I still consider this the biggest problem with IE. TL |
| #5 By 37047 (216.191.227.68) at 1/4/2008 8:34:54 AM |
|
#3: By "random Patch Tuesday", I meant exactly what I said. With an IE patch, you might get it the next Patch Tuesday, the one after that, the one after that one, etc. A random one. Thus, "random Patch Tuesday" does not equal "some random Tuesday, which might or might not be a Patch Tuesday". Learn to parse better before making asinine statements.
"I'm reminded of those long lists of firefox bugs that notparker has shown us. "as soon as it is ready" too often means "never" in the firefox world." Of course, in the IE world, you never even find out about it until the patch is ready, so bugs lay undisclosed and unfixed for months and even years, some never getting fixed at all, due to the lack of importance Microsoft places on IE and the IE users. Heck, Microsoft didn't even care about making IE 7 until Firefox woke them up by stealing 10+% of the IE market share. |
| #6 By 15406 (216.191.227.68) at 1/4/2008 10:47:55 AM |
|
#3: I'm reminded of those long lists of firefox bugs that notparker has shown us.
You're reminded of things that never happened? The best that parkkker can do is offer up a bug or two, usually something ancient that has long since been fixed, or something so insignificant that nobody cares about. Why are you even commenting on this? Shouldn't you be in full apologist mode, busily crafting a response to the critical bug in Vista that allows remote code execution? Luckily it's being patched this Tuesday, but who knows what other hole the patch will open? And weren't you one of the Ketchum Kidz that claimed Vista would never fall victim to a remote code execution bug due to Vista's security awesomeness? |
| #7 By 92283 (64.180.196.143) at 1/4/2008 12:17:29 PM |
|
The last critical security patch for Firefox was 2007-35
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html https://bugzilla.mozilla.org/show_bug.cgi?id=387881 It only took them 3 months to figure out this bug this fix was needed because of another bug - 369211. Unfortunately, that bug is EMBARGOED. You are not authorized to access bug #369211. https://bugzilla.mozilla.org/show_bug.cgi?id=369211 So much for OPEN! This post was edited by NotParkerToo on Friday, January 04, 2008 at 12:18. |
| #8 By 92283 (64.180.196.143) at 1/4/2008 12:35:49 PM |
|
Then there is the next critical security bug: 2007-29
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html It leads to: https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322,330563,341858,344064,348126,354645,361745,362901,378670,378682,379799,382376,384105,386382,386914,387033,387460,387844,391974,392285,393770,394014,394418 1st in the long list: https://bugzilla.mozilla.org/show_bug.cgi?id=309322 2005-09-20 TWO YEARS to fix Would the asshats please now shut up. |
| #9 By 15406 (216.191.227.68) at 1/4/2008 12:55:16 PM |
|
#7: As usual ad infinitum, you're referencing FF bugs that have already been fixed.
So much for OPEN! When you come to a closed, unlocked door, you still have to turn the knob to get in. Did you login with your Bugzilla account to see that bug you're complaining about? Yo know, the free account that you've been told about many times before but for some reason still can't get your head around? That free account? Man, you can lead a fool to ActiveWin but you can't make him think. #8: Hmm, all I see in that list you linked to are a bunch of fixed bugs. It certainly is funny how FF can go 2 years without fixing a bug and it's STILL more secure than IE. |
| #10 By 92283 (64.180.196.143) at 1/4/2008 1:11:51 PM |
|
Tsk tsk. Trying to change the rules Asshat.
You stated "The best that parkkker can do is offer up a bug or two, usually something ancient that has long since been fixed, or something so insignificant that nobody cares about. " 1) Both are critical. 2) They are not ancient. They are the two most recent critical fixes. You, as usual, are a loser. |
| #11 By 37047 (99.241.37.218) at 1/4/2008 6:49:08 PM |
|
Parker:
Why not do something useful, like showing us a few bugs that are a year or two old, that is critical or higher, and still unresolved. That would be far more useful to your argument than simply showing bug reports that are marked as fixed. And while you're at it, how about showing us how much more secure IE is by giving us a link to the Microsoft bug tracking system, so we can see how IE has fewer outstanding bugs, and how there are no open bugs that are 1+ years old and still unresolved? I won't be holding my breath waiting for that Microsoft defect tracking system link. |
| #12 By 3653 (65.80.181.153) at 1/4/2008 7:53:57 PM |
|
lol. you guys are hillarious. Why not change the subject a few more times.
"It certainly is funny how FF can go 2 years without fixing a bug" Friend, there's nothing "funny" about that. |
| #13 By 92283 (64.180.196.143) at 1/4/2008 10:11:55 PM |
|
#11 https://bugzilla.mozilla.org
I found 1630 Unconfirmed Critical bugs without resolution. Some are 5 or 6 years old. I tried the Advanced Search and found 736 NEW Critical bugs with the word Crash in them meaning they potentially could allow code excution. I'm sure hackers are working their way through the new ones right now looking for ones to exploit. |
| #14 By 3653 (65.80.181.153) at 1/5/2008 4:11:05 PM |
| [cricket chirp] |
| #15 By 15406 (216.191.227.68) at 1/7/2008 9:29:25 AM |
| #13: And yet, through all those myriad bugs, FF was still only exposed to critical bugs for 9 days last year, compared to IE's 200+ days. Funny how the world works, isn't it? |
| #16 By 92283 (64.180.196.143) at 1/7/2008 10:05:44 AM |
|
Latch, see #8.
The bug was two years old when fixed. You lied. |
| #17 By 3653 (65.80.181.153) at 1/8/2008 3:17:45 PM |
| latch is using dog years, where 9 days = 2 years. |
| #18 By 563062 (70.32.38.83) at 7/13/2011 11:01:40 PM |
|
http://www.anydress.co.uk/quinceanera-dress-function-occasion.html quinceanera dress http://www.anydress.co.uk/prom-dress-function-occasion.html prom dresses http://www.anydress.co.uk/prom-dress-function-occasion.html formal prom dresses http://www.anydress.co.uk/celebrity-dress-function-occasion.html celebrity maternity dresses http://www.anydress.co.uk/quinceanera-dress-function-occasion.html quinceanera dresses
|
| #19 By 563062 (70.32.38.83) at 7/13/2011 11:04:00 PM |
|
http://www.beeweddingdress.com/evening.html prom evening dresses http://www.beeweddingdress.com/evening.html evening dress http://www.beeweddingdress.com/bridal-party-flower-girls.html flower girl dresses http://www.beeweddingdress.com plus size dresses http://www.beeweddingdress.com/prom.html bridesmaid prom dresses http://www.beeweddingdress.com/accessories-headpieces.html wedding headpieces http://www.beeweddingdress.com/bridal-party.html party dress http://www.beeweddingdress.com/bridal-party.html bridal party http://www.beeweddingdress.com/evening.html cheap evening dresses
|
|
Write Comment
Return to News |
Displaying 1 through 25 of 170 Last | Next |
The time now is
3:27:03 AM
ET.
Any comment problems? E-mail us |
