12.12.2017, 12:26 UhrDeutsch | English
Hallo Gast [ Registrierung | Anmelden ]

Neues Thema eröffnen   Neue Antwort erstellen
Vorheriges Thema anzeigen Druckerfreundliche Version Einloggen, um private Nachrichten zu lesen Nächstes Thema anzeigen
Autor Nachricht
Swynndla
Titel: firefox javascript vulnerability  BeitragVerfasst am: 02.10.2006, 23:40 Uhr



Anmeldung: 05. Dez 2005
Beiträge: 414
Wohnort: Auckland, New Zealand
Due to:
http://it.slashdot.org/article.pl?sid=06/10/01/148202
it may be a good idea to install:
https://addons.mozilla.org/firefox/722/
... ie the "noscript" firefox extension, which blocks sites running java and javascript except for the ones that you allow.

Apparently the vulnerability lets people get access to your home directory.

It seems that a few people run the "noscript" extension because is also covers some past and also unknown future bugs. It also seems to stop some adds while it's at it.

_________________
Linux is evolution, not intelligent design - Linus Torvalds
 
 Benutzer-Profile anzeigen Private Nachricht senden  
Antworten mit Zitat Nach oben
DeepDayze
Titel: RE: firefox javascript vulnerability  BeitragVerfasst am: 03.10.2006, 15:09 Uhr



Anmeldung: 08. Dez 2005
Beiträge: 299

Perhaps there may be a fix for it...but the noscript extension is a great "patch" as well.
 
 Benutzer-Profile anzeigen Private Nachricht senden  
Antworten mit Zitat Nach oben
devil
Titel: RE: firefox javascript vulnerability  BeitragVerfasst am: 03.10.2006, 17:16 Uhr
Team Member
Team Member


Anmeldung: 06. Mai 2005
Beiträge: 3087
Wohnort: berlin
swyndla,
this vulnerability exists, but cannot be used.
all i have as source is a reliable german site:
Code:
http://www.heise.de/newsticker/meldung/78965/from/rss09

i have been using noscript for quite a while anyways.

greetz
devil

_________________
<<We are Xorg - resistance is futile - you will be axximilated>>

Host/Kernel/OS "devilsbox" running[2.6.19-rc1-git5-kanotix-1KANOTIX-2006-01-RC4 ]
CPU Info AMD Athlon 64 3000+ clocked at [ 803.744 MHz ]
 
 Benutzer-Profile anzeigen Private Nachricht senden  
Antworten mit Zitat Nach oben
piper
Titel: RE: firefox javascript vulnerability  BeitragVerfasst am: 03.10.2006, 18:52 Uhr
Team Member
Team Member


Anmeldung: 03. Mai 2005
Beiträge: 1544
Wohnort: out there somewhere
"We got a chance to talk to Mischa Spiegelmock, the Toorcon speaker that reported the potential javascript security issue referenced earlier. He gave us more code to work with and also made this statement and agreed to let me post it here:

The main purpose of our talk was to be humorous.

As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.

I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

I apologize to everyone involved, and I hope I have made everything as clear as possible.

Sincerely,
Mischa Spiegelmock

Even though Mischa hasn’t been able to achieve code execution, we still take this issue seriously. We will continue to investigate.

-Window Snyder"

Article can be found here

_________________
h2's d-u script
h2's rdiff-backup script
 
 Benutzer-Profile anzeigen Private Nachricht senden Website dieses Benutzers besuchen  
Antworten mit Zitat Nach oben
DeepDayze
Titel: RE: firefox javascript vulnerability  BeitragVerfasst am: 03.10.2006, 20:23 Uhr



Anmeldung: 08. Dez 2005
Beiträge: 299

Seems this must just been a lot of hoo-ha over small potatoes. I still stick to using noscript for blocking those unknown javascript bugs that can bite out of nowhere. Better safe than sorry IMO
 
 Benutzer-Profile anzeigen Private Nachricht senden  
Antworten mit Zitat Nach oben
Mike Shepard
Titel: RE: firefox javascript vulnerability  BeitragVerfasst am: 04.10.2006, 03:51 Uhr



Anmeldung: 20. Mai 2005
Beiträge: 250

I personally like the QuickJava extension over the NoScript extension. It puts two icons on the status bar, on for java and one for javascript. Just click the icon and the feature is disabled, click again and it is enabled. I find it much more convienient, check it out.

Cheers,
Mike

_________________
"It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark, and we're wearing sunglasses." -The Blues Brothers (1980)
 
 Benutzer-Profile anzeigen Private Nachricht senden E-Mail senden  
Antworten mit Zitat Nach oben
Beiträge vom vorherigen Thema anzeigen:     
Gehe zu:  
Alle Zeiten sind GMT + 1 Stunde
Neues Thema eröffnen   Neue Antwort erstellen
Vorheriges Thema anzeigen Druckerfreundliche Version Einloggen, um private Nachrichten zu lesen Nächstes Thema anzeigen
PNphpBB2 © 2003-2007 
 
Deutsch | English
Logos and trademarks are the property of their respective owners, comments are property of their posters, the rest is © 2004 - 2006 by Jörg Schirottke (Kano).
Consult Impressum and Legal Terms for details. Kanotix is Free Software released under the GNU/GPL license.
This CMS is powered by PostNuke, all themes used at this site are released under the GNU/GPL license. designed and hosted by w3you. Our web server is running on Kanotix64-2006.