MozillaZine

firefox also vulnerable???

Discussion of general topics about Mozilla Firefox
hekkie
 
Posts: 19
Joined: October 23rd, 2003, 12:08 am

Post Posted November 29th, 2005, 12:57 am

try this -->

"A proof of concept page is available at computerterrorism.com to convince yourself that this does, indeed, work."
http://www.security.ithub.com/article/U ... 164_1.aspx
http://www.computerterrorism.com/research/ie/poc.htm

Thumper

User avatar
 
Posts: 8037
Joined: November 4th, 2002, 5:42 pm
Location: Linlithgow, Scotland

Post Posted November 29th, 2005, 1:21 am

Maybe if you'd bothered trying it yourself instead of running in here shouting about it, you'd see it isn't. Jeez.

- Chris

hekkie
 
Posts: 19
Joined: October 23rd, 2003, 12:08 am

Post Posted November 29th, 2005, 1:30 am

Thumper wrote:Maybe if you'd bothered trying it yourself instead of running in here shouting about it, you'd see it isn't. Jeez.

- Chris

i have tried it with FF on linux and when javascript is enabled it crashed...so...i dont want to 'shout' about it...the article goes about an IE flaw...i was only asking if it also was crashing on somebody else using FF.

rayo
 
Posts: 217
Joined: November 21st, 2004, 3:07 am
Location: Australia

Post Posted November 29th, 2005, 2:47 am

hekkie wrote:i was only asking if it also was crashing on somebody else using FF.


Well it crashed mine, using W2K. Had to reboot to start it up again.

bollix47
Folder@Home
 
Posts: 1195
Joined: November 1st, 2004, 2:43 pm
Location: Toronto, Canada

Post Posted November 29th, 2005, 4:14 am

Crashes here too on Windows XP - did not have to reboot ... only Fx crashed

This is already in bugzilla

https://bugzilla.mozilla.org/show_bug.cgi?id=317334

Thumper

User avatar
 
Posts: 8037
Joined: November 4th, 2002, 5:42 pm
Location: Linlithgow, Scotland

Post Posted November 29th, 2005, 5:23 am

The exploit is arbitrary code execution, not "crashing". People should really be banned from reading security advisories without a note from their doctor.

- Chris

bollix47
Folder@Home
 
Posts: 1195
Joined: November 1st, 2004, 2:43 pm
Location: Toronto, Canada

Post Posted November 29th, 2005, 5:37 am

Sorry Chris but when I get a window popping up that says "Firefox failing to respond..." and my only option is to "End Now" then I call it a crash. If my definition is incorrect so be it.

KillingTime
 
Posts: 158
Joined: November 1st, 2003, 10:46 am

Post Posted November 29th, 2005, 5:53 am

I think you missed the point, Bollix47. The exploit is supposed to allow an attacker to execute arbitrary code on your PC, but in the case of Firefox all it does is cause a crash. Crashing may be far from ideal behaviour, but it beats the hell out of allowing malicious code to be run!
A society that gets rid of all its troublemakers goes downhill. - Robert A. Heinlein

Spaceman-Spiff
 
Posts: 46
Joined: November 28th, 2002, 6:25 pm

Post Posted December 1st, 2005, 12:57 am

Bumping old topic here...

The page still crashes latest FF release (1.5 RC3). Though the exploit doesn't in FF, the buffer overflow exploit still manages to crash the browser, which is still a bad thing. Some malicious person can just use this to crash FF browsers.

The website doesn't do anything in Opera, it doesn't even crash Opera.

Thumper

User avatar
 
Posts: 8037
Joined: November 4th, 2002, 5:42 pm
Location: Linlithgow, Scotland

Post Posted December 1st, 2005, 2:04 am

We know. It'll get fixed at some point. This kind of crash isn't considered a priority, because as it isn't exploitable such sites don't exist in the wild.

- Chris

stevelam
 
Posts: 49
Joined: March 27th, 2005, 4:13 am

Post Posted December 1st, 2005, 1:40 pm

Thumper wrote:We know. It'll get fixed at some point. This kind of crash isn't considered a priority, because as it isn't exploitable such sites don't exist in the wild.

- Chris


It is now

http://www.theregister.co.uk/2005/12/01 ... it_trojan/

trparky
 
Posts: 14
Joined: January 19th, 2005, 2:43 pm
Location: Cleveland, OH

Post Posted December 9th, 2005, 8:08 am

Nevermind, wrong thread.
Tom
Darkscribes, Home of Anime and SciFi Fanfiction and Original works of Fiction.

scratch

User avatar
 
Posts: 4942
Joined: November 6th, 2002, 1:27 am
Location: Massachusetts

Post Posted December 9th, 2005, 12:01 pm

stevelam wrote:
Thumper wrote:We know. It'll get fixed at some point. This kind of crash isn't considered a priority, because as it isn't exploitable such sites don't exist in the wild.

- Chris


It is now

http://www.theregister.co.uk/2005/12/01 ... it_trojan/


yes, but you are unable to EXPLOIT anything with it in firefox.

oh noes, it crashes my browser! big deal.

GTK66
 
Posts: 1896
Joined: May 30th, 2004, 5:20 am

Post Posted December 10th, 2005, 7:16 pm

hekkie wrote:
Thumper wrote:Maybe if you'd bothered trying it yourself instead of running in here shouting about it, you'd see it isn't. Jeez.

- Chris

i have tried it with FF on linux and when javascript is enabled it crashed...so...i dont want to 'shout' about it...the article goes about an IE flaw...i was only asking if it also was crashing on somebody else using FF.


It does NOT crash my Firefox 1.5 with javascript enabled.

old zmanzero
 
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post Posted December 10th, 2005, 8:55 pm

seen the "terrorism". i have "noscript". i am immune to links posted in these forums. this is a weenie subject. just a weenie thing. out of all the postings i have observed concerning this subject they belong in the weenie barrel. with the pickels. post a link that will crash me and let's see what this is all about. i dare you. anyone.

Return to Firefox General


Who is online

Users browsing this forum: No registered users and 3 guests