2 Firefox Security Flaws Lead to Exploit Potential

Marthisdil points out a News.com story which reports that "Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them." Security firm Secunia reported the vulnerabilities (and the "extremely critical" rating is theirs), but the News.com story points out that thus far, "no known cases have yet emerged where an attacker took advantage of the public exploit code." Update: 05/09 20:20 GMT by T : Rebron of the Mozilla Foundation sends a correction; this is really the same flaw reported yesterday. He suggests that you glance at the Mozilla security alert on this hole (as well other alerts at the Mozilla Security Center), and says "The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit."

IE

[blake3737]

I smell scandel, it was bill gates who wrote the code and you know it. IT's like the SetErrors flag in windows (Fp maybe?)

And to think...

[oskard]

I JUST got through explaining to my parents why Firefox is a safer alternative.

Safar!

[ViperG]

Well I'm glad I'm using my parents PowerBook with Safari atm. But when I get back home, maybe I should try and figure out a way to get notpad to browse the net, it seems the only safe windows alternative.

Re:News for Nerds?

You just missed it the first 3 times.

Re:Oh really

Dammit you troll flamebaiting asshole!!! I'm gonna mod you down, even if your post is totally on topic and totally true!!!

LINUX USERS DON'T GET VIRUSES

Mind you, they don't get laid, either.

In other news...

.. two unpatched security security holes (code named timothy and CmdrTaco) in Slashdot allowing posting of dupes were disclosed.

...obligatory

[op12]

Welcome to Slashdot, you must be new here.

Re:sorry..

[Taladar]

Probably because lots of /. posters have to fix machines of relatives or at their work running IE.

Sounds familiar

[stinkyfingers]

Seriously this Is getting repetitive. There are always flaws. Just update your browser and hope it doesn't become the next iexplore.

Seriously, this is getting repetitive. There are always flaws. Just run Windows Update and hope there's a patch for Internet Explorer.

On behalf of the IE programming team..

[cmburns69]

On behalf of the IE programming team, let me be the first to say "Neener neener neener!"

Trim allowed install sites and move on.

[kmortelite]

Ford! Chevy! Ford! Chevy! Ford! Chevy! FORD! CHEVY! DODGE!

s/Ford/Firefox/
s/Chevy/IE/
s/Dodge/whatever_dumb_browswer_u_want/

Come on.

Re:Balanced?

[utexaspunk]

AMEN, BROTHER- this ain't the news desk, buddy, this is the nerd table in the high school cafeteria. Most of the time here is spent trying to make milk come out of eachother's noses...

Preview Release

[heymr.wilson]

If you are still using the preview release 1.0, then it tells you there are no updates to be installed... guess you're safe there...hmmmm

Re:sorry..

[grolschie]

Well, I would agree, but then why does slashdot post every IE bug that comes up?

Because serious IE security holes are popping up every other day. The front page at /. would be choked with all the posts. But seriously, we all know that MS are notoriously slow at patching security holes, so people need to know that... <insert swiss cheese reference here>.

Re:sorry..

[shmlco]

Probably because lots of /. posters now need to fix machines of their own running Firefox...

Re:Should not be exploitable any more

[Just+Some+Guy]

On Sunday, Mozilla Update was moved to an untrusted URL

Erm, it doesn't happen to end in .cx, does it?