Slashdot Mirror


New Mozilla Firefox 1.0.3 Exploit

An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summary of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."

6 of 596 comments

  1. IE! by Anonymous Coward · · Score: -1, Redundant

    Get rid of those nasty bugs and exploits in Firefox! Switch to Internet Explorer today!

    :D

  2. I'm sure everyone will complain by Saven+Marek · · Score: 0, Redundant

    And everyone will say "oh no Firefox is a security risk" whaaaa. Well, this isn't really the case and is overstating things just a bit. When it comes down to it, Firefox still has many quicker fixes and the bug is probably already fixed by now.

    So if this is the case, where is the problem? A non-issue if you ask me.

  3. article text by Anonymous Coward · · Score: -1, Redundant

    An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summary of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."

  4. Batch file EXE by hackus · · Score: 0, Redundant

    I keep testing the batch file.exe exploit it says and just can't seem to get it to work??

    -Hack
    -Fedora Core Test 4

    --
    Got Geometrodynamics? Awe, too hard to figure out? Too bad.

  5. Re:This was reported to bugzilla some time ago! by Anonymous Coward · · Score: -1, Redundant

    that is the correct way

    WRONG.

    Which would you rather have? Software that doesn't have security holes, or software that has security holes that are patched?

    "Hiding" security vulnerabilities leads to the second choice, as we've seen.

    Putting them out in the open forces the programmers to either 1) knuckle down, remove features, audit code, reject incompetent programmers or 2) go out of business.

    Hiding bugs says "It's okay to be incompetent. It's okay to put out serious software bugs. It's okay to bloat your software with useless features. It's okay to be irresponsible and put 50,000,000 users at risk, because they'll all just update."

    What nonsense! Almost as sad as the people who think an open source license magically teaches programmers how to write secure code.

  6. Readable version by Anonymous Coward · · Score: -1, Redundant