Ironworks Gaming Forum
Old 11-13-2008, 07:39 PM   #1
Felix The Assassin
The Dreadnoks
 

Join Date: September 27, 2001
Location: Orlando, FL
Age: 61
Posts: 3,608
Default ATTN: FireFox Users:

There has been a post in reference to Firefox and script errors. Two articles hot off the press today. The first one is Firefox updates, including one which directly addresses the JavaScript errors with "MFSA 2008-53 XSS". The second involves the Chrome browser with Google.

November 12th, 2008
Firefox security makeover: 11 vulnerabilities, 4 critical

Posted by Ryan Naraine @ 7:40 pm


Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks.

Four of the 11 flaws covered with the new Firefox 3.0.4 are rated “critical” because of the risk of code execution attacks via specially rigged Web pages.

The four critical vulnerabilities are:

* MFSA 2008-55 Crash and remote code execution in nsFrameManager. A vulnerability in part of Mozilla’s DOM constructing code can be exploited by modifying certain properties of a file input element before it has finished initializing. When the blur method of the modified input element is called, uninitialized memory is accessed by the browser, resulting in a crash. This crash may be used by an attacker to run arbitrary code on a victim’s computer.
* MFSA 2008-54 Buffer overflow in http-index-format parser. This is a flaw in the way Mozilla parses the http-index-format MIME type. By sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim’s computer.
* MFSA 2008-53 XSS and JavaScript privilege escalation via session restore. The browser’s session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. Any otherwise unexploitable crash can be used to force the user into the session restore state. This vulnerability could also be used by an attacker to run arbitrary JavaScript with chrome privileges.
* MFSA 2008-52 Crashes with evidence of memory corruption. Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

The Firefox update also fixes the following issues:

* MFSA 2008-58 Parsing error in E4X default namespace
* MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
* MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
* MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
* MFSA 2008-47 Information stealing via local shortcut files



November 13th, 2008
Google Chrome vulnerable to data theft flaw

Posted by Ryan Naraine @ 7:54 am


Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.

The issue, rated as a “moderate” risk, could allow hackers to use HTML files to steal arbitrary files from a victim’s machine.

Details below:

* r4188 and r4827 Address an issue with downloaded HTML files being able to read other files on your computer and send them to sites on the Internet. We now prevent local files from connecting to the network using XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file.
  * Severity: Moderate. If a user could be enticed to open a downloaded HTML file, this flaw could be exploited to send arbitrary files to an attacker.

The patch, which will eventually be rolled out via Chrome’s automatic update feature, also adds new features around bookmarking and pop-up blocking.



Both articles can be found @ http://www.zdnet.com/
__________________
The Lizzie Palmer Tribute



Let every nation know, whether it wishes us well or ill, that we shall pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty.

John F. Kennedy
35th President of The United States

The Last Shot

Honor The Fallen

Jesus died for our sins, and American Soldiers died for our freedom.




If you don't stand behind our Soldiers, please feel free to stand in front of them.
Felix The Assassin is offline   Reply With Quote
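
An added example, not part of the original post or the quoted articles: a sketch that triages proxy-log User-Agent strings to find Firefox 3.0.x clients still below 3.0.4, the release the article says carries these fixes. The log format and sample lines are constructed for illustration; browsers on other branches are reported separately because the article only names 3.0.4.

```python
import re

# First Firefox 3.0.x release carrying the fixes listed in the article.
FIXED = (3, 0, 4)
UA_RE = re.compile(r"\bFirefox/(\d+(?:\.\d+)*)")

# Constructed sample proxy-log lines: client IP, then the quoted User-Agent.
SAMPLE_LOG = '''\
10.0.0.11 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
10.0.0.12 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4"
10.0.0.13 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17"
10.0.0.14 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.0.15 "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
'''

def classify(user_agent):
    """Return the patch status implied by a User-Agent string.

    The User-Agent is self-reported, so treat the result as a lead for
    follow-up, not as proof of what is installed.
    """
    m = UA_RE.search(user_agent)
    if not m:
        return "not-firefox"
    # Compare numerically: as strings, "3.0.10" would sort before "3.0.4".
    version = tuple(int(p) for p in m.group(1).split("."))
    if version[:2] != FIXED[:2]:
        return "other-branch"  # the article gives no fixed version for these
    return "needs-update" if version < FIXED else "patched"

def triage(log_text):
    """Return (client, status) pairs for each non-empty log line."""
    pairs = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, _, rest = line.partition(" ")
        pairs.append((client, classify(rest)))
    return pairs

def needs_update(log_text):
    """Return the sorted, de-duplicated clients still below 3.0.4."""
    return sorted({c for c, s in triage(log_text) if s == "needs-update"})

if __name__ == "__main__":
    for client, status in triage(SAMPLE_LOG):
        print(client, status)
```
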
Old 11-14-2008, 03:30 AM   #2
Stratos
Vampire
 

Join Date: January 29, 2003
Location: Sweden
Age: 43
Posts: 3,888
Default Re: ATTN: FireFox Users:

I don't use Chrome but I just updated to FF 3.0.4. Thanks for the warning.
__________________
Nothing is impossible, it's just a matter of probability.
Old 11-14-2008, 05:08 AM   #3
Variol (Farseer) Elmwood
Jack Burton
 

Join Date: May 16, 2003
Location: Dartmouth, NS Canada
Age: 58
Posts: 5,634
Default Re: ATTN: FireFox Users:

I just got the pop-up for the update last night. I didn't restart yet.

So, will this help with that stupid script message I get, or does this patch make things worse?

...I'm still tempted to go back to FF2.
__________________
A MAN WHO WANTS FOR NOTHING HAS INFINITE WEALTH. (me)
Old 11-14-2008, 06:27 AM   #4
Felix The Assassin
The Dreadnoks
 

Join Date: September 27, 2001
Location: Orlando, FL
Age: 61
Posts: 3,608
Default Re: ATTN: FireFox Users:

Quote:
Originally Posted by Variol (Farseer) Elmwood
I just got the pop-up for the update last night. I didn't restart yet.

So, will this help with that stupid script message I get, or does this patch make things worse?

...I'm still tempted to go back to FF2.

As with any update, the intent is to "fix" as many issues as possible across a very mass spectrum of users, hardware, and systems. I read your issue to be Java related, and it is addressed in this patch. As with anything nowadays, nothing is guaranteed. FF2 is smoother, but a bit dated, and has its own series of issues.
Old 11-14-2008, 06:46 AM   #5
dplax
Jack Burton
 

Join Date: July 19, 2003
Location: an expat living in France
Age: 38
Posts: 5,577
Default Re: ATTN: FireFox Users:

I still prefer FF2, mostly due to the fact that I prefer the way the address bar worked in it...
Old 11-14-2008, 07:06 AM   #6
Variol (Farseer) Elmwood
Jack Burton
 

Join Date: May 16, 2003
Location: Dartmouth, NS Canada
Age: 58
Posts: 5,634
Default Re: ATTN: FireFox Users:

I never had any "issues" with FF2.
Old 11-14-2008, 07:28 PM   #7
Felix The Assassin
The Dreadnoks
 

Join Date: September 27, 2001
Location: Orlando, FL
Age: 61
Posts: 3,608
Default Re: ATTN: FireFox Users:

Quote:
Originally Posted by Variol (Farseer) Elmwood
I never had any "issues" with FF2.

Transparent issues to most users. However, as fast, sleek, and more manageable as it felt to users, hackers found it to be just as 'nice'. *Most* users of the Internet may never experience an issue; others seem to delve upon issue presence. Really though, it all depends on where you go, what you click while there, and how you manage your security settings.
Old 11-19-2008, 07:38 AM   #8
Lavindathar
Harper
 

Join Date: March 21, 2001
Location: Lancs, England
Age: 39
Posts: 4,729
Default Re: ATTN: FireFox Users:

Not had any issues with any of them so far.
__________________
=@
Old 11-19-2008, 08:58 AM   #9
Variol (Farseer) Elmwood
Jack Burton
 

Join Date: May 16, 2003
Location: Dartmouth, NS Canada
Age: 58
Posts: 5,634
Default Re: ATTN: FireFox Users:

I find the latest version is slower.
All times are GMT -4.