Otkriven propust u starijim verzijama Firefoxa

Otkriven propust u starijim verzijama Firefoxa

Idi na vrh
offline
  • Pridružio: 12 Sep 2003
  • Poruke: 2811
  • Gde živiš: Kotor

Computer code that could let attackers take complete control over computers cruising the Web with unpatched versions of the Firefox Internet browser has been released, so if you're using Firefox and haven't upgraded to the latest version, do it now. The exploit also applies to the latest version of Netscape, but Netscape has not yet released a fix for this problem.

This is not your run-of-the-mill proof of concept exploit code. It appears to be quite comprehensive, and would allow any attacker to use it with only slight modifications. According to the advisory, the code is designed to be embedded in a Web site so that any computer visiting the evil site with Firefox or Netscape would open up a line of communication with another Internet address of the attacker's choice, effectively letting the bad guys control the victim computer from afar.

Dave Kennedy over at Cybertrust had roughly the same impression that I did about the severity of this exploit and flaw.

"If this were [Microsoft's Internet Explorer], I'd expect to see [the exploit] in spyware," Kennedy said. "With Firefox it's possible someone could try to make a point by doing something big."

Kennedy was referring to the heated debate in the security community over whether Firefox is any more secure than IE, a debate fanned by the release last week of a report pointing out that Firefox has fixed twice as many security flaws as IE so far this year.

Izvor: blogs.washingtonpost.com



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Idi na vrh
offline
  • Pridružio: 16 Jun 2005
  • Poruke: 1251
  • Gde živiš: Podgorica

za firefox je u toku prošle god otkriveno 25 propusta a ua IE samo 12



Idi na vrh
offline
  • pixxel  Male
  • Legendarni građanin
  • Pridružio: 21 Jun 2005
  • Poruke: 9091
  • Gde živiš: Tu i tamo...

Da, ali su za firefox vecina bili low priority i tesko ostvarivi u praksi, dok su za ie skoro svi bili critical (pogledaj malo http://www.secunia.com )
I za svaki od tih propusta, firefox je u roku od par sati izbacivao zakrpu, a u roku od najvise desetak dana novu verziju. A kad je bio poslednji update za IE??? Poslednji put sa service packom 2...

Necemo ovde po stoti put kritikovati ni mozillu ni ie ni operu, i nije mi to namera. Kome se ne svidja sto ima gresaka, neka napravi sam svoj browser, pa da vidimo koliko ce biti siguran i nepropusan. Na mozilli radi skoro 100 ljudi i to samo u najuzem delu, same mozille.a koliko ih jos radi na dodacima, prevodima... Ista stvar je sa operom, mnogo ljudi radi za dzabe (ne racunajuci prihod od majica, solja i ostaloga. Opera je tu bolje stajala, ali sad kao besplatna ce videti kako se krvavo 'leb zaradjuje...) a ie, koliko god besplatan bio, skoro svako plati uz svoj windows, i tu nema poredjenja... Nikako.

P.S. evo linkova pa da uporedimo propuste:
IE: http://secunia.com/product/11/ - 86 Propusta/20 Nema ispravku (Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical)

MF: http://secunia.com/product/4227/ - 24 Propusta/3 nema ispravku (Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical)

OP: http://secunia.com/product/4932/ - 0 Propusta/0 nema ispravku (The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x.)

Idi na vrh
offline
  • ZoNi  Male
  • Free Your Mind!
  • Pridružio: 26 Feb 2005
  • Poruke: 5757
  • Gde živiš: Singidunum

pixxel ::kad je bio poslednji update za IE??? Poslednji put sa service packom 2...
si siguran? Razz a sta su oni relativno cesti apdejti windowsa? Wink

i bas me interesuju ti "critical" propusti za IE... kako ja ne naleteh ni na jedan od njih? ma, price za malu decu...

Idi na vrh
offline
  • Pridružio: 26 Jun 2004
  • Poruke: 732
  • Gde živiš: Altina, Zemun

Zanima me gde mogu da vidim da li je FireFox koji ja koristim ranjiv Smile

Idi na vrh
offline
  • MANA  Male
  • Ugledni građanin
  • Pridružio: 18 Avg 2005
  • Poruke: 475
  • Gde živiš: Kući

I mene interesuje. Vecjina tih online testova zahteva activex da bi funkcionisali, a firefox ne podrzhava activex...

Idi na vrh
offline
  • RIA  Male
  • Prijatelj foruma
  • Pridružio: 20 Feb 2005
  • Poruke: 2728
  • Gde živiš: Around Belgrade

pixxel ::Da, ali su za firefox vecina bili low priority i tesko ostvarivi u praksi, dok su za ie skoro svi bili critical

e ovo vredi ponoviti.Pa nije samo najveci broj propusta=najgori browser.Jos ispade da je IE siguran... Laughing

sigurniji od FF-a Laughing Laughing

Idi na vrh
offline
  • Pridružio: 26 Jun 2005
  • Poruke: 139
  • Gde živiš: Beograd

kako vam ne dosadi da se vechno prepucavate oko tih nebuloza ???

Idi na vrh
offline
  • m4rk0  Male
  • Administrator
  • Administrator tech foruma
  • Marko Vasić
  • Gladijator - Maximus Decimus Meridius
  • Pridružio: 14 Jan 2005
  • Poruke: 14790
  • Gde živiš: Majur (Colosseum)

ovo ide pod lock da bi se izbegao potencijalni flame.


Potreban je samo minut da se registrujete - da biste učestvovali u diskusiji:
Izaberite vaše korisničko ime [username] :
Vaša email adresa je [email] : Email adresa mora biti tačna!
Ukucajte željenu šifru [password] :
Ukucajte šifru ponovo [password again] :
Jezik [language] :




Ili se jednostavno uloguj preko Facebook-a:
Ko je trenutno na forumu
 

Ukupno su 169 korisnika na forumu :: 13 registrovanih, 1 sakriven i 155 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 1311 - dana 15 Nov 2012 21:40

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Bane san, Chuck Norris, cikadeda, Danijel Alanovic, LUDI, Mare Koloseum, mikiopacity, pedja-alen-kiss, perica5, prekodrinski, Saleee2008, Srki94, Žan Klod vam dam
Siguran hosting