Tarkus

Spoofing flaw resurfaces in Mozilla browsers

A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced

http://news.com.com/Spoofing+flaw+resurfaces+in+Mozilla+browsers/2100-1002_3-5734121.html?tag=nl
A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned.

The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames, which are a way of showing Web content in separate parts of the browser window. The applications don't check whether the frames displayed in a single window all originate from the same Web site, Secunia said in an advisory on Monday. Firefox 1.x, Mozilla 1.7.x and Camino 0.x versions are vulnerable to the flaw, the security monitoring company said.
Reply #26 Top
I have an Nforce chipset and SP2 and no such problems.


I tried googling up on the issue and I can't find anything. Can you tell me where you read that?
Reply #27 Top
Oh and if your BIOS is updated then it most likely isn't your nforce chipset. And it really shouldn't be the nforce chipset. Your Windows installation/hard drive/partition may be very unstable. If you have one partition dedicated to Windows and that's it, I suggest you back up and wipe it. If that doesn't work, then a virus may have altered your BIOS so you may need to take it to a technician. I have an nforce 2 and it works just fine. And it's nice to know Windows is a little bit safer.


I doubt my Windows installation is unstable. I just reinstalled XP a few months ago. After installing XP I installed a handful of other programs but that's about all I've done.

I doubt I have a virus in my BIOS file or anywhere else. I have scanned and rescanned my system using AVG, Antivir, Panda, and Trend Micro. I don't see how I could get a virus because I'm so careful online. I only visit about 10 to 20 sites a day - the same 10 - 20 every day. All of these sites are well known to not have viruses or spyware. And YES I don't open emails from anyone containing attachments.

I have XP set up on the main drive and have devoted the entire drive to XP.
Reply #28 Top
None of those scanners check the MBR for any problems, just the hard drive. If everything you're saying is true, I'd say a virus did get in there and altered some of your settings. But that's my diagnosis from looking outside in.

I know my nforce chipset works perfect with SP2 and yours doesn't though. So you have a problem and it needs to be fixed.

Maybe using Firefox will do it
Reply #29 Top
I believe Antivir and Trend Micro scan the MBR - it's fine. I never said SP2 doesn't work on my system - it just slows it down. Even if I'm using a new Hard Drive with a fresh install of XP pro +drivers and nothing else installed. And yes I have plenty of memory - 512 - to play with.

I'm very careful in my attempt to steer clear of viruses. I'm sure nothing got in there. Recommend me a virus scanner that you trust and I'll perform a scan and post the results just to show you I'm clean.

I downloaded the new BIOS file from the manufacturer's website and burned it straight away to disk - rebooted and updated.

I will NOT use Firefox. Why should I use a product that I feel is inferior on my system? Nice try but I prefer IE.
Reply #30 Top
Do you think it's not secure? The zealous say it's secure for a reason. In fact, there are many people saying it's secure that are not secure. I hope you don't think that the US government are Firefox zealots 'cause they think it's more secure. I mean Secunia (the company that found both of the recent security flaws) works with Mozilla to find these flaws.
And you are greatly exaggerating the security problems in Firefox. Mozilla in conjunction with Secunia have found 2 flaws in their browser, one labeled as critical and the other labeled as mildly critical. The critical one was fixed before it was even exploited and right now we are talking about the second one which will most likely be fixed before it's exploited.


Uh... Citizen Ka806, don't wanna pick and stuff, but the Firefox advisories that come to public attention are just a portion of the vulns that really exist out there. I've known this for some time now. Here's just a few of the more recent probs with FFX:

Exploits:

2005-5-21 - Mozilla Firefox "view-source:" Protocol Cross Domain Scripting Exploit

2005-5-21 - Mozilla Firefox "view-source:javascript" url Code Execution Exploit

2005-5-21 - Mozilla Suite and Firefox Script objects Command Execution Exploit

Advisories:

2005-5-8 - Mozilla Firefox "Extensions" Remote Code Execution Vulnerability

Source: Hackers Center


These are just the more known ones.


Reply #31 Top
I believe Antivir and Trend Micro scan the MBR - it's fine. I never said SP2 doesn't work on my system - it just slows it down. Even if I'm using a new Hard Drive with a fresh install of XP pro +drivers and nothing else installed. And yes I have plenty of memory - 512 - to play with.

I'm very careful in my attempt to steer clear of viruses. I'm sure nothing got in there. Recommend me a virus scanner that you trust and I'll perform a scan and post the results just to show you I'm clean.

I downloaded the new BIOS file from the manufacturer's website and burned it straight away to disk - rebooted and updated.

I will NOT use Firefox. Why should I use a product that I feel is inferior on my system? Nice try but I prefer IE.


If it's just a tad slower and that's it then there is nothing wrong with your system. If SP2 has a weird effect on your system and slows down boot time to 4 minutes and slows down the whole system to the point that it takes 2 minutes to launch any application, then something IS wrong with your system. The first step in fixing the problem is admitting it.



Exploits:

2005-5-21 - Mozilla Firefox "view-source:" Protocol Cross Domain Scripting Exploit

2005-5-21 - Mozilla Firefox "view-source:javascript" url Code Execution Exploit

2005-5-21 - Mozilla Suite and Firefox Script objects Command Execution Exploit


Ummm cyber villian, all of those exploits refer to the one big bug that Secunia released to the public and was swiftly fixed with Firefox 1.04 before it was even exploited. Why do you think they have the same dates =P. Nice try though. The extension advisory was dealt with in Firefox 1.04 also. That advisory deals with the extensions and not the browser itself. None of those problems are in Firefox 1.04.

These are just the more known ones.


That quote makes no sense to me because Firefox is open source, so they don't hide their secrets. What you see is what exists so far. Granted more will likely surface, but that's only because Mozilla is researching extensively to find them, but when they find the problems, they tell the public. Open source methodology suggests that your code is not perfect, so you show everybody everything you have, in hopes to make that code perfect.

Reply #32 Top
If it's just a tad slower and that's it then there is nothing wrong with your system. If SP2 has a weird effect on your system and slows down boot time to 4 minutes and slows down the whole system to the point that it takes 2 minutes to launch any application, then something IS wrong with your system. The first step in fixing the problem is admitting it.


Let me spell this out to you since you can't buy a clue.

Without SP2 my system boots up in about a minute. With SP2 it boots up in about a minute and a half to 2 minutes.

Without SP2 my applications launch as they should - about 20 seconds after I choose them from the start menu - under heavy load on the memory. With SP2 they take about 10 to 15 seconds more.

I exaggerated on my first post about SP2 - so sue me. I know for a fact I ain't got no virus or spyware on here.
Reply #33 Top
Let me spell this out to you since you can't buy a clue.

Without SP2 my system boots up in about a minute. With SP2 it boots up in about a minute and a half to 2 minutes.

Without SP2 my applications launch as they should - about 20 seconds after I choose them from the start menu - under heavy load on the memory. With SP2 they take about 10 to 15 seconds more.

I exaggerated on my first post about SP2 - so sue me. I know for a fact I ain't got no virus or spyware on here.


Wow I'm sorry. You never mentioned it was an exaggeration. And it's not like I'm snapping at you about it, so there is no reason you should be going around saying I can't buy a clue or calling me an idiot. I'm sorry but you're acting like a real asshole. If you tell me that SP2 does those things then I will tell you that your system is messed up. This is totally unrelated to Firefox or anything like that.

Damn, 20 secs for application launch... what's the specs on your system? Oh unless you're exaggerating that also
Reply #34 Top
note that this very same flaw exists in IE6 with XP SP2 (fully patched). try the secunia test. i don't know why this isn't being reported by everyone who reports that the flaw exists in firefox.
Reply #36 Top
note that this very same flaw exists in IE6 with XP SP2 (fully patched). try the secunia test. i don't know why this isn't being reported by everyone who reports that the flaw exists in firefox.


'Cause vulnerabilities are nothing new for Internet Explorer. If they reported this flaw for IE, IT professionals will be like "what else is new". With Firefox it's pretty big as the open source community wants this software to be nothing short of perfect.
Reply #37 Top
That quote makes no sense to me because Firefox is open source, so they don't hide their secrets. What you see is what exists so far. Granted more will likely surface, but that's only because Mozilla is researching extensively to find them, but when they find the problems, they tell the public. Open source methodology suggests that your code is not perfect, so you show everybody everything you have, in hopes to make that code perfect.


What I meant was that there are probably more Firefox vulnerabilities out there that are being exploited, but not reported. The Mozilla guys are pushing too much to try and show that M$ doesn't know what they're doing when it comes to security. That's gonna bite them in the a$$ later on because Microsoft has way more experienced people working for them than Mozilla does. Wait until FF gets more of the IE market share. Then, they're not gonna be able to support as good as they do right now.

The prob is that more people use IE (about 80%) than Firefox (about 8%), so there are more exploits for that reason. But when the use of FF increases, then so will the amount of exploits. I mean, hackers are going to go after the browser that more people use.

Perfect code? Never heard of no perfect code before.
Reply #38 Top
'Cause vulnerabilities are nothing new for Internet Explorer. If they reported this flaw for IE, IT professionals will be like "what else is new". With Firefox it's pretty big as the open source community wants this software to be nothing short of perfect.


That's one way of looking at it. Another way of looking at it is that Firefox users are so arrogant and anal when it comes to browser security, that people get a kick out of pointing out when they have a problem. The same goes for Linux users.

At least that's a theory I've heard.


Posted via WinCustomize Browser/Stardock Central
Reply #39 Top
That's a good theory. And it's mostly true.

Ka806 - I realize I owe you an apology. Obviously you do know more about this stuff than I do and all I've managed to do with my posts is make myself look like a fool. So I'm sorry.
Reply #41 Top
The only reason there are so many hacks aimed at IE is because most people use it. At least the less savvy internet users do, along with people who just like IE better. If you're gonna spend all your time trying to compromise a system, you're not going to bother with the small potatoes, you're going to go after something with a larger audience. And, IE has been around longer. More time for folks to figure out what is wrong with it. If Firefox gains an equal or greater market share than IE, then I'm betting we'll see all kinds of compromises of Firefox. I, for one, use Firefox. Mostly because it offers more features and uses less memory, not because of its "safety features". If you browse carefully, then you shouldn't have a problem either way.
Reply #44 Top
perhaps it is horses for courses after all. another theory of course could be the danger of trafficking in generalizations and unbalanced assertions.
Reply #45 Top
Hmm, Microsoft is thinking of adding tabs to IE 7.

What happened to Windows?? They even have a pathetic somewhat tabs in their latest toolbar. Maybe, Microsoft can now rename their infamous operating system Windows to Tabs!!!

What was the sales pitch??

Oh, I remember, "You can open many Windows".
Reply #46 Top
You'll still have many open windows. Just because one program will have tabs doesn't mean all your programs are going to share the same window. And if you really like multiple IE windows, you'll probably still have that option.

Posted via WinCustomize Browser/Stardock Central
Reply #47 Top
Kind regards my friend Tarkus.

FireFox has tabs and is excellent. Imagine the cluttered taskbar while using IE (just one program) with multiple windows opened. How messy the taskbar is and other things are while juggling the different opened windows of IE. Trying to keep up, which sites are opened and where the window is for that site? Now imagine other programs being opened at the same time and how difficult the life is with the taskbar and grouping.

By the way, Microsoft Excel has tabs. Time has come to dump Windows in lieu of Tabs!!!
Reply #48 Top
Dell is trying to get Apple to let it use its operating system on their PCs (Intel and AMD chips) for sale!!


That will NEVER happen. Apple OS X will always run on Apple hardware or Apple will lose money in their hardware sales.

And by the way - Dell has never used AMD chips at all. I wish.
Reply #49 Top
Kind regards my friend Skinner Kona0197.

Once I remember when I was young and bought a genuine IBM PC 8088. At that time there were no compatible PCs. Paid an arm and a leg for it. Talked to an Apple salesman about buying IBM as it had 256KB RAM versus Apple's 64KB. The salesman didn't see the future and couldn't understand why somebody needed more than 64KB, as Apple had an excellent operating system.

IBM was in hardware, so they decided to give Bill Gates a chance and let him write the operating system, by his small company called Microsoft. "Micro" means minute. The rest is history and Microsoft is a giant today providing operating systems to IBM compatibles.

Apple always had better operating system but only sells hardware. What is their market share? Today all of us talk Linux. Back then there was GEM, based on Linux and nobody understood what it was. We all wanted PC DOS.

Please see the Link for Dell’s offer to Apple:
http://www.betanews.com/article/Dell_We_Would_License_Mac_OS_X/1118955105


This offer should make Apple a giant as it has still the best operating system, and what is wrong with clean competition.

By the way I admire Bill Gates and his Company. He is one of the benevolent people on our planet.

And, wouldn't tabs be better in IE, Windows Explorer and all across the range of Office XP!!
Reply #50 Top
I am aware of the offer from Dell to use OS X on Dell machines. Apple will never do it though. They would lose too much money in their hardware sales.