http://news.com.com/Firefox+flaw+rai...bj=news.1002.5


this was posted on another forum i belong to just thought id share it.

[ 01-12-2005, 01:51 AM: Message edited by: coyote696 ]

FireFox patch rate isn't looking that healthy actualy. Still, IE has extremely critical exploits similar to this one unpatched after 6 months.

Have another three whilst there's a thread open about it:

http://www.theregister.co.uk/2005/01/07/mozilla_flaws/

There's always Opera ;)

No program is perfect you just have to know the real issues of the program you use and then decide if you still want to use it (cough*ie*cough). Try some googling on opera flaws/bugs [img]tongue.gif[/img]

But this is again a lesson safe web surfing. Don't download stuff from sources you're not sure of if they're safe. Thanks for the warning [img]smile.gif[/img]

there is a plug-in for FF that tells you if the website you are visiting is legit or not, forget the name of it, but I had it on an older version of firefox, might go and look it up here again after reading this [img]smile.gif[/img]
spoofstick

[ 01-12-2005, 02:00 PM: Message edited by: Stormymystic ]

Not if it's legit, it's about the real domain name. It shows the real name and if that's not what you see you know the address is spoofed. You still have to make the call if you trust it or not yourself, though the warning by the plugin definitely gives you something to ponder about. Thanks for the link! [img]smile.gif[/img]

welcome [img]smile.gif[/img] and that is what I meant, just not getting my meaning across today for some reason :/ well anyway, hope you find it usefull, for those who use IE still, there is also one for that browser [img]smile.gif[/img] just have to go to the guys homepage to get it.

<span style="color: lightblue">Note that if you're worried about any spoofing in this regard, it is easy enough to checked without any extensions: resize the dialogue. This, I believe, is most of the reason that it is 'less critical': Average Joe User can notice the problem easily.

<span style="color: lightblue">Ok, now I've had time to read that article...
Of the three vulnerabilities listed there,
The first is fixed in Seamonkey 1.7.5 , and seems to be atleast partially (if not completely - the article is unclear on that) fixed in Firefox 1.0 (and will be fully fixed in 1.1 in March if it isn't already).

The second one is nothing new, infact the same vulnerability mentioned in the first post (meaning, it's not "another three", but at most "another two").

The last one is just silly.
It says, quite simply, that other people can read Firefox's files. Other people can read your word documents, too. Other people can look at any images you make in GIMP or Photoshop. If you don't want that to be the case, the solution is to set the permissions on those files, not to put them in a different format.

In other words, the first is fixed; the second is redundant; and the third isn't Firefox's problem. ;)