Back to the articleAt least with Firefox... #
Posted Thursday 24th January 2008 08:47 GMT
...you know that patch will be here sooner rather than later. :-)
Mozilla security chief confirms data leakage bug in Firefox
Firefox users and security #
Posted Thursday 24th January 2008 08:45 GMT
Oh come on!! Anyone who uses firefox is going to have at least some knowledge of security!
As for adding an attacking website to your list of trusted sites, that a complete no brainer!!
Download Statusbar fixed #
Posted Thursday 24th January 2008 08:45 GMT
Download Statusbar extension fixed on 22/01:
Version 0.9.5.3 - January 22, 2008
Created .jar file structure to prevent security issues created by Firefox bug #413250
NoScript Protection Works Anyway #
Posted Thursday 24th January 2008 10:04 GMT
NoScript users are protected against exploitation of this bug anyway, no matter if the attacker site is on their trusted whitelist or not.
See
http://hackademix.net/2008/01/23/old-noscript-tricks-blocking-new-vulnerabilities/
for details.
@Firefox users and security #
Posted Thursday 24th January 2008 10:04 GMT
Firefox is designed to be used by new users and non techy users.
Have you spent more than 2 seconds with non techy users?
Knowledge of security ROFL!
@Firefox users and security #
Posted Thursday 24th January 2008 10:04 GMT
'Anyone who uses firefox is going to have at least some knowledge of security!'
And of course anyone who uses IE is a braindead untermensch who deserves to be hacked for financing Mr Gates' evil empire......
Firefox has become increasingly popular with non-technical users (I know several) and its popularity means that its increasingly open to scrutiny in terms of vulnerability....
Could we perhaps cease the knee-jerk 'MS bad. Firefox/Linux/Apple good' litanies that seem so prevalent on here and accept the fact that popular systems get hacked?
And for that matter, could we cease the smug, persistent myth that all end users are cretins? Just because you dont possess the complete works of Douglas Adams doesnt make you an idiot........
(Paris invoked here because I have a sneaking suspicion that she might not be as stupid as she looks either.....)
Browser Transversal #
Posted Thursday 24th January 2008 10:04 GMT
When IE goes wrong you say 'use Firefox'. When Firefox goes wrong you say 'use NoScript'. Where is the Opera love?
Although, I can see a point where there will be an article saying 'Firefox and Opera are broke, use IE'.
Then again... maybe not.
@Firefox users and security #
Posted Thursday 24th January 2008 11:03 GMT
"Oh come on!! Anyone who uses firefox is going to have at least some knowledge of security!"
Troll.
It's not so cut and dried #
Posted Thursday 24th January 2008 12:15 GMT
"As for adding an attacking website to your list of trusted sites, that a complete no brainer!!"
Not that simple though. If I visit a 'complex' site with NoScript running it can end up blocking several hosts and the site is completely broken. So you have to work out which hosts are important to make it work again. There's no simple way (yet) of knowing whether you can trust an individual host, so you still end up trusting them anyway or else your site remains broken.
It requires a fair bit of research to find out what each host gets up to. I bet most people running NoScript have unknown hosts which were trusted because the main site was trusted. That still leaves you open to malpractice by embedded content, which is on the increase.
So in a sense NoScript can only protect you in the same way that leaving your computer switched off can protect you. Anything else requires user decisions and research and is prone to error and misdirection like anything else.
Window Snyder #
Posted Thursday 24th January 2008 12:15 GMT
Is this really his name ? Window ? Good job his surname wasn't "Cleaner", or "Fitter", or "Pane".
What about . . . #
Posted Thursday 24th January 2008 12:38 GMT
. . . other Mozilla based apps possibly being affected, such as SeaMonkey?
@Chris: NoScript doesn't require any user decision in this case #
Posted Thursday 24th January 2008 14:12 GMT
If you read my first comment, you'd know this specific chrome script protection is independent from your whitelist, i.e. it applies to every site no matter if JavaScript is enabled or not (opposite to what Dan's article suggests).
@DJGM:
yes, it applies to SeaMonkey as well.
Window S. #
Posted Thursday 24th January 2008 14:40 GMT
Yes, that is her real name. She is Mozilla's Chief Security Officer with the actual job title, "Chief Security Something" She came from security at M$. Here is a C/net piece on her.
http://earthlink.com.com/Mozilla+looks+to+Microsoft+for+security/2008-7355_3-6117896.html
Re: Window S #
Posted Thursday 24th January 2008 15:39 GMT
She came from M$ and her name is Window ? so that operating system is really hers ?!!
To Giorgio Maone #
Posted Thursday 24th January 2008 17:29 GMT
I agree and I use it, I was just responding to the general statement "As for adding an attacking website to your list of trusted sites, that a complete no brainer!!"
@TrishaD #
Posted Thursday 24th January 2008 22:32 GMT
> its popularity means that its increasingly open to scrutiny in terms of vulnerability....
Vulnerabilities are not dependent on the number of users, and as the source code has been freely available for download since day one you'd think this would be a more efficient method of being "open to scrutiny". Yet still FF remains more secure, quite likely *because* it is open to scrutiny.
@BitTwister #
Posted Friday 25th January 2008 05:55 GMT
"Vulnerabilities are not dependent on the number of users, and as the source code has been freely available for download since day one you'd think this would be a more efficient method of being "open to scrutiny". Yet still FF remains more secure, quite likely *because* it is open to scrutiny."
Hang on a second, didn't we recently have a report that in fact more vulnerabilities were found in FF over the same period of time than IE.
Of course then all the FF fanbois at our place started saying "Well, that just means they're better at finding exploits" ... Of course they wouldn't recognise such an argument if I made it about Windows!
Like arguing with a brick wall.
@Mike Lovell #
Posted Saturday 26th January 2008 01:03 GMT
> more vulnerabilities were found in FF over the same period of time than IE.
Yeah, right - and like all Microsoft apologists you attempt to reduce the real issues down to a childishly simplistic 'vulnerability count'. If your 'method' had any validity or meaning then FF would be as vulnerable (or worse) than IE - yet *still* it isn't.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Top stories
Popular Whitepapers
- Expert Roundtable: The Register Agile Data Center Summit
On-Demand Audio - Dell PowerEdge M710 with Dell EqualLogic storage vs. HP ProLiant BL685c with HP StorageWorks EVA 4400
Virtualizaed Exchange workload performance comparison of end-to-end solutions - Seven ways to optimize VMware server virtualization
Virtualized storage complimenting virtualized applications - Buyer's Guide: ERP Systems
ERP, a strategic investment - Hosted CRM Can Be Your Secret Weapon to Success!
Hosted CRM comparison guide - SMB phone systems product requirements worksheet
Learn which phone system best suits your business's needs
