Author |
Message |
|
Title: firefox javascript vulnerability
Posted on: 02.10.2006, 23:40
|
|
Joined: 05 Dec 2005
Posts: 414
Location: Auckland, New Zealand
|
|
Due to:
http://it.slashdot.org/article.pl?sid=06/10/01/148202
it may be a good idea to install:
https://addons.mozilla.org/firefox/722/
... i.e. the "noscript" firefox extension, which blocks sites running java and javascript except for the ones that you allow.
Apparently the vulnerability lets people get access to your home directory.
It seems that a few people run the "noscript" extension because it also covers some past and also unknown future bugs. It also seems to stop some ads while it's at it. |
_________________ Linux is evolution, not intelligent design - Linus Torvalds
|
Title: RE: firefox javascript vulnerability
Posted on: 03.10.2006, 15:09
|
|
Joined: 08 Dec 2005
Posts: 300
|
|
Perhaps there may be a fix for it...but the noscript extension is a great "patch" as well. |
|
Title: RE: firefox javascript vulnerability
Posted on: 03.10.2006, 17:16
|
|
Team Member
Joined: 06 May 2005
Posts: 3087
Location: berlin
|
|
swyndla,
this vulnerability exists, but cannot be used.
all i have as source is a reliable german site:
Code:
http://www.heise.de/newsticker/meldung/78965/from/rss09
i have been using noscript for quite a while anyways.
greetz
devil |
_________________ <<We are Xorg - resistance is futile - you will be axximilated>>
Host/Kernel/OS "devilsbox" running[2.6.19-rc1-git5-kanotix-1KANOTIX-2006-01-RC4 ]
CPU Info AMD Athlon 64 3000+ clocked at [ 803.744 MHz ]
|
Title: RE: firefox javascript vulnerability
Posted on: 03.10.2006, 18:52
|
|
Team Member
Joined: 03 May 2005
Posts: 1544
Location: out there somewhere
|
|
"We got a chance to talk to Mischa Spiegelmock, the Toorcon speaker that reported the potential javascript security issue referenced earlier. He gave us more code to work with and also made this statement and agreed to let me post it here:
The main purpose of our talk was to be humorous.
As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.
I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.
I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.
I apologize to everyone involved, and I hope I have made everything as clear as possible.
Sincerely,
Mischa Spiegelmock
Even though Mischa hasn’t been able to achieve code execution, we still take this issue seriously. We will continue to investigate.
-Window Snyder"
Article can be found here |
_________________ h2's d-u script
h2's rdiff-backup script
|
Title: RE: firefox javascript vulnerability
Posted on: 03.10.2006, 20:23
|
|
Joined: 08 Dec 2005
Posts: 300
|
|
Seems this must have just been a lot of hoo-ha over small potatoes. I still stick to using noscript for blocking those unknown javascript bugs that can bite out of nowhere. Better safe than sorry IMO |
|
Title: RE: firefox javascript vulnerability
Posted on: 04.10.2006, 03:51
|
|
Joined: 20 May 2005
Posts: 250
|
|
I personally like the QuickJava extension over the NoScript extension. It puts two icons on the status bar, one for java and one for javascript. Just click the icon and the feature is disabled, click again and it is enabled. I find it much more convenient, check it out.
Cheers,
Mike |
_________________ "It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark, and we're wearing sunglasses." -The Blues Brothers (1980)
|