Forfit Posted December 14, 2005 (edited)
Computer users who have not upgraded to the latest version of Mozilla's Firefox browser may now have an extra incentive to do so, thanks to a hacker who has posted an exploit.

Exploit Shown
On Sunday, a hacker going by the name of Aviv Raff published sample code that could be used to take over the computers of Firefox users running version 1.0.4 or earlier of the browser. The exploit takes advantage of a known bug in the way Firefox processes the popular Javascript Web programming language. "I think it's been enough time for people to upgrade from v1.0.4. of Firefox. So, here is the PoC [proof of concept] exploit for the... vulnerability," he wrote on his blog. The bug was fixed in Mozilla version 1.0.5, which was released during the summer, and has also been fixed in version 1.7.9 of the Mozilla Suite, said Mike Schroepfer, vice president of engineering with Mozilla. "As long as users keep updated to the latest version, they're, in general, very safe."

Similar to IE Flaw
In some ways, this latest exploit is similar to highly publicized attack code that has been circulating for the Microsoft Internet Explorer browser, said Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust. "It can install and run code of the attacker's choice if a victim visits a malicious Web site," he said of the IE bug in an interview via instant message. Users who are not already in the habit of frequently updating their browsers should change their ways, because browsers are "historically broken," Cooper said. "That means they have vulnerabilities regularly," he added. "You should keep them updated within 30 days of patches being made available, regardless of what the patch is for." The IE code, which was published in November, takes advantage of a Javascript problem that has not yet been patched.
Many security experts expect Microsoft to patch its Javascript bug on Tuesday, but the Redmond, Washington, software giant has not confirmed that this will be the case.
Source
Edited December 14, 2005 by Forfit

holdenrulz Posted December 14, 2005
I don't know about anyone else but I don't see this as a problem. I mean, my version is 1.0.7, so you would have to miss 3 updates to be vulnerable, and considering you get a little update icon next to the loading graphic, it's not as if it's hard to know when to update. Seriously, it was about going to happen eventually to Firefox as it is becoming more and more popular, and as he said:
I think it's been enough time for people to upgrade from v1.0.4. of Firefox.
Frankly, unless you have a very good reason not to update, I don't want to hear people complain about this being used against them. That and Microsoft has no excuse for not patching IE. If you use it, good luck.

SWEETSAPRIK Posted December 14, 2005
Isn't this the Javascript vulnerability that Firefox warned people about before anyone had seen it exploited? I distinctly remember reading a warning about how you should disable Javascript until they released the next version, so I did. Then a new version came out very soon after. But yeah, I can't think of a reason why anyone would still be using v1.0.4.
PяopagaиdaIиc.

Wolf68k Posted December 14, 2005
There have been times that update icon didn't show up for days after a major release for me. Hell I've had times I didn't even notice the update icon because I don't look at the browser's spinning load icon but instead watch the tab's load icon. And you still being on 1.07 might not see the browser update icon, the red one, any more since 1.0x is no longer being made.

Cran. Posted December 14, 2005
Meh, whenever the thing pops up below saying "New updates available" I never click it. Although, I'm only running the latest version now because I reformatted.

segosa Posted December 14, 2005
There have been times that update icon didn't show up for days after a major release for me. Hell I've had times I didn't even notice the update icon because I don't look at the browser's spinning load icon but instead watch the tab's load icon.
Interesting, because my eye always seems to notice the update icon, even if I'm not looking in that area. I guess that explains why even after I explained it to my parents/grandparents, they never seem to notice updates to Firefox.

Svip Posted December 14, 2005
Oh yeah, the fact that 1.5RC1 is out does not bother you? Besides, I have to complain about 1.5RC1 to Mozilla. :<

segosa Posted December 14, 2005
Uh, 1.5 final is out.....

Svip Posted December 14, 2005
Uh, 1.5 final is out.....
Even worse! I just noticed by the way.

Wolf68k Posted December 14, 2005
Uh, 1.5 final is out.....
Even worse! I just noticed by the way.
He must have missed the update icon too.

Svip Posted December 14, 2005
Uh, 1.5 final is out.....
Even worse! I just noticed by the way.
He must have missed the update icon too.
It's more embarrassing than that, cause I had 1.5 installed already.

Bond996 Posted December 14, 2005
Uh, 1.5 final is out.....
Even worse! I just noticed by the way.
He must have missed the update icon too.
It's more embarrassing than that, cause I had 1.5 installed already.
Well then wasn't it automatically updating for you? RC1 to RC2 went auto for me, as did RC3 to Final. In between 2 and 3 I saw it on digg first and downloaded it.

facugaich Posted December 15, 2005
facugaich looks up FF version
HOLY SH*T
facugaich runs (to mozilla.org that is)

Cran. Posted December 15, 2005
facugaich looks up FF version
HOLY SH*T
facugaich runs (to mozilla.org that is)
It's mozilla.com now

holdenrulz Posted December 15, 2005
facugaich looks up FF version
HOLY SH*T
facugaich runs (to mozilla.org that is)
It's mozilla.com now
Isn't it Getfirefox.com?

Wolf68k Posted December 15, 2005
No, it's now mozilla.com, it was mozilla.org. getfirefox.com was a promotional deal which I believe then, and now, just sends you to Mozilla's web site.

Svip Posted December 15, 2005
No, it's now mozilla.com, it was mozilla.org. getfirefox.com was a promotional deal which I believe then, and now, just sends you to Mozilla's web site.
Remember: Mozilla.com is for downloading of final versions, Mozilla.org is for work in progress and Alpha/Beta/RC downloads, while SpreadFirefox.com is a community site. Besides, I think Mozilla has their own forums.

anus Posted December 18, 2005
Is the guy making the code for Opera as well? I'm using Opera here, so I'm happy to see no mention of it on the topic.
/me kisses Opera.

Statico Posted December 18, 2005
I have FF 1.5

Forfit Posted December 18, 2005 (Author)
Is the guy making the code for Opera as well? I'm using Opera here, so I'm happy to see no mention of it on the topic.
/me kisses Opera.
I use Opera too, and I love every bit of it, it's really fantastic! I just posted this because I know that people here use Firefox....but from the looks of things everyone is staying on top of their updates anyways.

niteangel´ Posted December 18, 2005
One thing is sure. GTAF runs a lot faster with FF 1.5.

Twistie Posted December 18, 2005
I'm a webdesigner so I use Firefox, Opera, Netscape 7, Netscape 8, Mozilla and IE. I am well aware that Firefox, Netscape 7 and 8 and Mozilla are all based on the Mozilla browser but they slightly change the rendering of some pages due to the default settings. I use Firefox for everyday use because I have almost 50 extensions installed, most of which I use (don't ask how long it takes to load... let's just say I very rarely ever close Firefox!). I use Opera a lot too. Opera has a nice simple interface but doesn't provide a lot of the more advanced options that I want/NEED! I haven't upgraded to adless Opera yet but there is really no need to considering the rendering hasn't changed. I'll just keep letting them earn money off me... I don't care!