Feeds

back to article Flaws galore in IE and Firefox

Polish security researcher Michal Zalewski, known for his seemingly unending stream of browser vulnerability discoveries, has struck again. This time he's reported four flaws that are sure to get the attention of bug squashers in both Microsoft and Mozilla camps. The most serious vulnerability could make it possible for cyber …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

The reality of bugs

Finally, a good programmer who's out there looking for bugs and not looking to crush companies.

Too bad there was no safari bugs found today; guess he was just busy.

...using IE7 and Firefox to test personal websites against spambots :)

0
0

Another Firefox Bug

Firefox also seems to display another bug, where it displays two number 3 items on the Full Disclosure page, instead of 3 & 4.

I shall expect full details to be posted in due course...

0
0

What no Opera???

Seems Opera is OK here, but then it's pretty rare that Opera vunrabilities are discovered, and they are always nailed down within days...

Opera seems to be designed with security in mind, but Mozilla and IE have secuirty bolted on...

0
0

Firefox

Also goes horrifically slowly if you open more than about 10 images. Its download manager (when open) locks the browser temporarily when adding downloads, it slows up when there are lots of images on the page.

0
0
Anonymous Coward

Security vs user-friendliness

It appears that the more user-friendly a piece of software gets, the more vulnerable it becomes. The Holy Grail of systems developers is to find the ultimate secure system that wipes your bottom for you in addition to looking as sexy as whoever your dream mate is. As in real life, it's not going to happen.

0
0

Re: Another Firefox Bug

IE 7 Seems to display the same bug... how wierd is that? And both browsers display two number threes in the source code view as well!!!!

Freaky! :D

0
0

hmm, just Another Job for NoScript?

Preventing these and many other yet unknown exploits is just as easy as installing the NoScript firefox extension.

Letting JavaScript run on every page you visit, intentionally or not, is just dumb.

Security is all about giving away the minimum privileges to do the work, and never, NEVER to strangers.

NoScript just brings the abc of security in the browser.

0
0

why no opera....

...cos Opera is a lot older than most people realise, and was never designed to emulate IE in any way, thankfully.

Shame Mozilla/Netscape lost sight of such a vital "feature".

0
0

Full disclosure

The question is, did he notify MS and Mozilla prior to post the vulns? If not he's not much better than a black hat. I've never posted without 30 days notice.

0
0
Bronze badge

FWIW

Safari (2.0.4), with "Enable JavaScript" and "Always accept cookies" selected (*NOT* my usual configuration!) returned:

"Failed to obtain cookie in 120 seconds.

"Your browser might be not vulnerable, or your

network performance deviates from what this

script expects. Try again or give up."

...Doesn't mean it's *SAFE*, but is, at least, one datum for Mr. Zalewski.

0
0

No JS here either

'Preventing these and many other yet unknown exploits is just as easy as installing the NoScript firefox extension.'

Have to agree, the NoScript plug-in should be installed by default. Of course it wont because it breaks a lot of sites and it requires some thought to go through the denied scripts. Joe Public isnt going to put up with the learning curve that entails.

0
0

This post has been deleted by its author

This topic is closed for new posts.