Overclock.net › Forums › Industry News › Software News › [cnet] Firefox 3 suffers its first vulnerability
New Posts  All Forums:Forum Nav:

[cnet] Firefox 3 suffers its first vulnerability

post #1 of 74
Thread Starter 
Quote:
Less than one day after its launch, Firefox 3 has a vulnerability.

According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.

"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team," said a representative.

Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.

Mozilla is reported to be working on a fix.

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.

Source
post #2 of 74
The last line doesn't make sense.
Akiyama Mio
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6420 @ stock, 0.98v Asus P5N-E SLI Gainward GTX 460 1GB @ 800/1600/1900 2x2GB Kingston @ 800MHz 5-5-5-15 2T 
Hard DriveOptical DriveOSMonitor
WD 250GB, 320GB SATA/3, 16MB Cache, Seagate 1TB LG GSA-H62N 18x SATA Ubuntu 9.10 x86 & Win7 x86 Asus VW222U 
KeyboardPowerCase
Logitech Classic Corsair 650HX NZXT Apollo Black 
  hide details  
Reply
Akiyama Mio
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6420 @ stock, 0.98v Asus P5N-E SLI Gainward GTX 460 1GB @ 800/1600/1900 2x2GB Kingston @ 800MHz 5-5-5-15 2T 
Hard DriveOptical DriveOSMonitor
WD 250GB, 320GB SATA/3, 16MB Cache, Seagate 1TB LG GSA-H62N 18x SATA Ubuntu 9.10 x86 & Win7 x86 Asus VW222U 
KeyboardPowerCase
Logitech Classic Corsair 650HX NZXT Apollo Black 
  hide details  
Reply
post #3 of 74
Quote:
Originally Posted by Coma View Post
The last line doesn't make sense.
Yes it does,

It means they are paying them for finding vulnerabilities, but are being criticized for it.

Atleast they didn't tell everyone, they made sure Mozilla knew and let them fix it.
post #4 of 74
Why owuld they be critisized o.o isn't this helping firefox and making it better? They're not releasing this to everyone so that they can attack firefox users.
post #5 of 74
if they pay people to find faults, more faults will be found and then fixed by mozilla
Main system
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 2500 Gigabyte H67MA-D2H Nvidia GTX460 Kingston 4GB DDR3 1600 C9 
Hard DriveHard DriveCoolingOS
1TB Seagate 7200rpm Intel SSD Zalman CNPS10X Windows 7 
MonitorPowerCase
22" Viewsonic VX2250W LED 700w Thermaltake Litepower Antec 300 
  hide details  
Reply
Main system
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 2500 Gigabyte H67MA-D2H Nvidia GTX460 Kingston 4GB DDR3 1600 C9 
Hard DriveHard DriveCoolingOS
1TB Seagate 7200rpm Intel SSD Zalman CNPS10X Windows 7 
MonitorPowerCase
22" Viewsonic VX2250W LED 700w Thermaltake Litepower Antec 300 
  hide details  
Reply
post #6 of 74
Quote:
Originally Posted by Mxbn0 View Post
if they pay people to find faults, more faults will be found and then fixed by mozilla
Why the hell is everything in your sig (overclocked)?

I'm eating a cookie (overclocked)!

Still, every code has problems, so you can't really blame Mozilla...
    
CPUMotherboardGraphicsRAM
E8400 GIGABYTE GA-P35-DS3L eVGA 9800GT Stock Speeds GSkill 4GB (2x2GB) PC6400 
Hard DriveOptical DriveOSMonitor
Samsung F3 500GB Samsung 22X DVD Drive Windows 7 64-bit 22" Acer x223w 
KeyboardPowerCaseMouse
IBM Model M Model 1391401 Antec EarthWatts 500W Troglodytic Tech Terminal Razer Deathadder 
Mouse Pad
Steelseries Qck+ 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
E8400 GIGABYTE GA-P35-DS3L eVGA 9800GT Stock Speeds GSkill 4GB (2x2GB) PC6400 
Hard DriveOptical DriveOSMonitor
Samsung F3 500GB Samsung 22X DVD Drive Windows 7 64-bit 22" Acer x223w 
KeyboardPowerCaseMouse
IBM Model M Model 1391401 Antec EarthWatts 500W Troglodytic Tech Terminal Razer Deathadder 
Mouse Pad
Steelseries Qck+ 
  hide details  
Reply
post #7 of 74
Quote:
Originally Posted by xHassassin View Post
Why the hell is everything in your sig (overclocked)?

I'm eating a cookie (overclocked)!

Still, every code has problems, so you can't really blame Mozilla...
Btw, how on earth do you overclock a PSU?

on topic- (I'm mozilla's #1 fanboy, so take this with a grain of salt)

Firefox is still the best option for a web browser, IMO. Mozilla will actually fix problems that come up (*cough* *microsoft* *cough*) and it's much prettier and more supported than opera.

I dunno what to think about grey hats- I guess they help discover security problems, but sometimes I think that all of that talent could be better put to use in a better way. But whatever, I guess that they enjoy it, and I DO believe that it's useful. It's stupid that developers will sometimes try to keep bugs quiet rather than fix 'em.

just my $.02

-Mark
my baby
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 G0 @ 4.0 EVGA 780i 2x GTS 512 SLi 770/linked/1050 2x 2gb G.Skill PQ DDR2-1000 
Hard DriveOSMonitorKeyboard
2x 250Gb 7200.10 (raid 0) Arch Linux 64 Samsung T240 Saitek eclipse 
PowerCaseMouse
OCZ GameXStream 700 watt Cooler Master 690 Razer Deathadder 
  hide details  
Reply
my baby
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 G0 @ 4.0 EVGA 780i 2x GTS 512 SLi 770/linked/1050 2x 2gb G.Skill PQ DDR2-1000 
Hard DriveOSMonitorKeyboard
2x 250Gb 7200.10 (raid 0) Arch Linux 64 Samsung T240 Saitek eclipse 
PowerCaseMouse
OCZ GameXStream 700 watt Cooler Master 690 Razer Deathadder 
  hide details  
Reply
post #8 of 74
I applaud them for paying people to find vulnerabilities. This just means that more get found and fixed. Nothing wrong there. Other companies do it too.

To the poster directly above me. They keep them quiet till they can fix them. This way everybody and their brother doesn't exploit them.
My Pwny!
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II 920 Asus M3A79-T Deluxe 6950 2GB 8GB @ 800Mhz 
Hard DriveOSPowerCase
Perc 5/i Raid 0 w/ 2x 320GB + Raid 5 w/ 6x 750GB Windows 7 x64 Pro Antec 850W Antec 1200 
  hide details  
Reply
My Pwny!
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II 920 Asus M3A79-T Deluxe 6950 2GB 8GB @ 800Mhz 
Hard DriveOSPowerCase
Perc 5/i Raid 0 w/ 2x 320GB + Raid 5 w/ 6x 750GB Windows 7 x64 Pro Antec 850W Antec 1200 
  hide details  
Reply
post #9 of 74
So let's just announce the vulnerability to the whole world.......great.....
PWNzershreck
(15 items)
 
  
CPUMotherboardGraphicsRAM
4930K @ 4.6 GHz ASUS Rampage IV Black Edition MSI GTX 1080 FE Heatkiller Acetal 16 GB Corsair Vengeance 1600C9 
Hard DriveOptical DriveCoolingOS
2x Samsung 840 Pro  ASUS DVD-RW SATA Koolance 380i & 2x HW Labs 480GTX Arch Linux x86_64, Windows 7 x64 
MonitorKeyboardPowerCase
LG UC88-B Ultrawide, ASUS VS278Q Ducky Corsair AX1200i Caselabs STH10 
MouseMouse PadAudio
Logitech G500 Func 1030 ASUS Xonar Essence STX 
  hide details  
Reply
PWNzershreck
(15 items)
 
  
CPUMotherboardGraphicsRAM
4930K @ 4.6 GHz ASUS Rampage IV Black Edition MSI GTX 1080 FE Heatkiller Acetal 16 GB Corsair Vengeance 1600C9 
Hard DriveOptical DriveCoolingOS
2x Samsung 840 Pro  ASUS DVD-RW SATA Koolance 380i & 2x HW Labs 480GTX Arch Linux x86_64, Windows 7 x64 
MonitorKeyboardPowerCase
LG UC88-B Ultrawide, ASUS VS278Q Ducky Corsair AX1200i Caselabs STH10 
MouseMouse PadAudio
Logitech G500 Func 1030 ASUS Xonar Essence STX 
  hide details  
Reply
post #10 of 74
I guess I'm going to go Opera, then... >.>
    
CPUMotherboardGraphicsRAM
i7 4790k @ 4.7GHz Asus Z97 Pro Gaming EVGA 1080 Ti FTW3 @ 2050 MHz 32GB G Skill Sniper DDR3-2133 
Hard DriveHard DriveHard DriveOptical Drive
Intel 600p m.2 512GB Crucial M500 SSD 960GB Toshiba X300 HDD 3TB LG Blu Ray Burner 
CoolingOSMonitorMonitor
Cooler Master Nepton 240m Windows 10 Pro Samsung 34" Curved Ultrawide (3440x1440) Samsung 22" Portrait (1080x1920) 
KeyboardPowerCaseMouse
Poker II Cherry MX Brown, KBParadise V80 Cherry... EVGA G2 650W Cooler Master Silencio 652s Steelseries Sensei Wireless 
Mouse PadAudioAudio
Tekmat SIG 556 SMSL Q5 Pro DAC Bowers & Wilkins DM601 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 4790k @ 4.7GHz Asus Z97 Pro Gaming EVGA 1080 Ti FTW3 @ 2050 MHz 32GB G Skill Sniper DDR3-2133 
Hard DriveHard DriveHard DriveOptical Drive
Intel 600p m.2 512GB Crucial M500 SSD 960GB Toshiba X300 HDD 3TB LG Blu Ray Burner 
CoolingOSMonitorMonitor
Cooler Master Nepton 240m Windows 10 Pro Samsung 34" Curved Ultrawide (3440x1440) Samsung 22" Portrait (1080x1920) 
KeyboardPowerCaseMouse
Poker II Cherry MX Brown, KBParadise V80 Cherry... EVGA G2 650W Cooler Master Silencio 652s Steelseries Sensei Wireless 
Mouse PadAudioAudio
Tekmat SIG 556 SMSL Q5 Pro DAC Bowers & Wilkins DM601 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [cnet] Firefox 3 suffers its first vulnerability