Find your next home with Luxist's "Estate of the Day"

Critical Firefox vulnerabilities: read this now

Posted May 9th 2005 7:02PM by Marc Orchant

eWeek has all the details on two critical vulnerabilities in Firefox (including the recently released 1.0.3) for which exploit code is already available in the wild. If you prefer to use Firefox, in light of these vulnerabilities, please heed this advice:

"Firefox users are urged to disable JavaScript immediately as a temporary workaround. Additionally, Mozilla recommends that the browser's software installation feature be disabled. This can be done by unchecking the "Allow web sites to install software" box, which can be found by selecting Options on the Tools menu and then Web Features."

A patch is not yet available. Since a browser without JavaScript is essentially worthless to me, I'm going back to Internet Explorer until these holes are patched. I'll post more information as it becomes available. Right now, the smartest thing you can do is make these configuration changes and then read the article at eWeek.

Reader Comments

(Page 1)

1. "... I’m going back to Internet Explorer until these holes are patched."


Yeah, because Internet Explorer is the browser of choice for people who care about security... what are you smoking?!

Posted at 6:20AM on Dec 19th 2005 by Kevin Conroy

2. Kevin: Thanks for the anticipated "Firefox good, IE bad" comment. I knew someone would rise to the occasion.

Fact of the matter is, at this moment in time IE *is* a better choice for those who care about security. These vulnerabilities are serious and exploit code is in circulation. Is there some part of that you don't get? This is the classic "zero-day exploit" we all fear. This vulnerability lets someone take control of your browser and install malware, a Trojan, or a backdoor onto your PC. There is no current method of doing this on a properly patched IE installation. So it's currently a more secure choice.

I like Firefox a lot - it's been my primary browser for quite some time. But using it right now - until these gaping holes are patched - is a bad idea. This is not something a firewall or anti-spyware software is going to protect you against.

Posted at 6:20AM on Dec 19th 2005 by Marc Orchant

3. "... I’m going back to Internet Explorer until these holes are patched."


Yeah, because Internet Explorer is the browser of choice for people who care about security... what are you smoking?!

Posted at 6:20AM on Dec 19th 2005 by Kevin Conroy

4. Kevin: Thanks for the anticipated "Firefox good, IE bad" comment. I knew someone would rise to the occasion.

Fact of the matter is, at this moment in time IE *is* a better choice for those who care about security. These vulnerabilities are serious and exploit code is in circulation. Is there some part of that you don't get? This is the classic "zero-day exploit" we all fear. This vulnerability lets someone take control of your browser and install malware, a Trojan, or a backdoor onto your PC. There is no current method of doing this on a properly patched IE installation. So it's currently a more secure choice.

I like Firefox a lot - it's been my primary browser for quite some time. But using it right now - until these gaping holes are patched - is a bad idea. This is not something a firewall or anti-spyware software is going to protect you against.

Posted at 6:20AM on Dec 19th 2005 by Marc Orchant

5. "... I’m going back to Internet Explorer until these holes are patched."


Yeah, because Internet Explorer is the browser of choice for people who care about security... what are you smoking?!

Posted at 6:20AM on Dec 19th 2005 by Kevin Conroy

6. Kevin: Thanks for the anticipated "Firefox good, IE bad" comment. I knew someone would rise to the occasion.

Fact of the matter is, at this moment in time IE *is* a better choice for those who care about security. These vulnerabilities are serious and exploit code is in circulation. Is there some part of that you don't get? This is the classic "zero-day exploit" we all fear. This vulnerability lets someone take control of your browser and install malware, a Trojan, or a backdoor onto your PC. There is no current method of doing this on a properly patched IE installation. So it's currently a more secure choice.

I like Firefox a lot - it's been my primary browser for quite some time. But using it right now - until these gaping holes are patched - is a bad idea. This is not something a firewall or anti-spyware software is going to protect you against.

Posted at 6:20AM on Dec 19th 2005 by Marc Orchant

RESOURCES

RSS NEWSFEEDS

Powered by Blogsmith

Other Weblogs Inc. Network blogs you might be interested in:

Autoblog Latino
DIY Life
Luxist
BloggingStocks
Slashfood
Gadling