"Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.
The attack code, written by security researcher Guido Landi was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user's machine. By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim's system"
Just a warning to all us FF users to beware, till 3.08 is released next week, as there seems to be no way of reducing the attack vector at this time, at least it will get patched quickly.
Thanks, Gary. So, that's us all off line for a week then? ;D
Quote from: Rik on Mar 26, 2009, 08:57:42
Thanks, Gary. So, that's us all off line for a week then? ;D
Just duck and dive, Rik ;D That sounds like a dance......
Or me playing tennis. :)
Quote from: Rik on Mar 26, 2009, 09:00:08
Or me playing tennis. :)
:lol: or me asking Justina to paint the shed
;D
You need a more subtle approach. :)
Go on Safari :blush:
Swinging? ;)
My wife would not approve and I'd get the ugly one.
for those that want to look further. The link below does not exploit the system...
http://www.milw0rm.com/exploits/8285
and yes the file you can download happily crashed my ff
Quote from: stevethegas on Mar 26, 2009, 09:10:57
My wife would not approve and I'd get the ugly one.
Someone who wasn't into hi fi in the 60s. ;D
Quote from: somanyholes on Mar 26, 2009, 09:13:26
for those that want to look further. The link below does not exploit the system...
http://www.milw0rm.com/exploits/8285
and yes the file you can download happily crashed my ff
I just get:
// firefox XSL parsing remote memory corruption poc
// k`sOSe - works both in windows and linux
http://milw0rm.com/sploits/2009-ffox-poc.tar.gz
# milw0rm.com [2009-03-25]
If you uncompress it and then open the file ff crashes.
Ah, I wasn't that keen. ;)
Quote from: Rik on Mar 26, 2009, 09:04:15
;D
You need a more subtle approach. :)
I tried that, Rik. I said the garden gate would only take an hour, it took 2 and a half :red:
I start at five minutes. :)
So which is the safest browser this week? ::)
i reckon links is
http://en.wikipedia.org/wiki/Links_(web_browser) (http://en.wikipedia.org/wiki/Links_(web_browser))
Quote from: Sebby on Mar 26, 2009, 13:14:24
So which is the safest browser this week? ::)
The oone on a computer not switched on :)
;D
It's becoming increasingly true, unfortunately. :(
Quote from: somanyholes on Mar 26, 2009, 13:31:51
i reckon links is
http://en.wikipedia.org/wiki/Links_(web_browser) (http://en.wikipedia.org/wiki/Links_(web_browser))
Never heard of it, so thanks. :)
it's an old school text based browser sebby, that isn't much use in the web world today. The reason it's probably fairly secure is the fact that there's pretty much no addons that you can use and get owned by. No flash, pdf's active x so on and so forth. A neat little appp for basic text stuff though.
http://www.jikos.cz/~mikulas/links/screenshots/jpg.html
interesting read
http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20Test%20-%20Socially%20Engineered%20Malware.pdf
And I so wanted to avoid IE8. :)
give it time and it will all level out ;)
I was planning to, So. ;)
Quote from: somanyholes on Mar 27, 2009, 08:08:48
interesting read
http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20Test%20-%20Socially%20Engineered%20Malware.pdf
This link is dead for me!
How long have you got? :)