2 Firefox Security Flaws Lead to Exploit Potential

Marthisdil points out a News.com story which reports that "Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them." Security firm Secunia reported the vulnerabilities (and the "extremely critical" rating is theirs), but the News.com story points out that thus far, "no known cases have yet emerged where an attacker took advantage of the public exploit code." Update: 05/09 20:20 GMT by T : Rebron of the Mozilla Foundation sends a correction; this is really the same flaw reported yesterday. He suggests that you glance at the Mozilla security alert on this hole (as well other alerts at the Mozilla Security Center), and says "The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit."

IE is safest...

[*themotterfukker*]

will be claimed in the topic of the zealotery propanda news medias 'friendly' to Microsoft, in the next few days, beware!

This is It?

[ultimabaka]

If this is the riskiest bug coming out of FireFox right now, I think I'm going to consider myself lucky. Microsoft's browser had at least one far greater bug to its IFRAME setup, on top of the countless other horrifying bugs running around.

Like others have said before, however, this is only the beginning for FireFox. As it gets more and more popular, more and more of these nasty bugs are going to appear and (hopefully not) be exploited. Won't stop me from enjoying FireFox, though, and it shouldn't stop anyone else either.

Rite of Passage

MS always claimed that Moz was less vulnerable to hacks and exploits due to the fact that less people were using it -- it had not yet reached critical mass. Seems that's changing....

It's bad, but maybe it signifies something good?

SHOCK HORROR- software can have bugs!!

[kamikazejay]

Honestly, why is this newsworthey? I dont think there is a single piece of software (except perhaps 'hello world' level) that doesnt have bugs.

I believe there should be a minimum intelligence needed to use the internet ,mainly being able to update things every now and then, often by simply clicking a 'next' button a couple of times (and I have yet to meet someone who, when properly instructed, fails this), so people should keep up to date without needing headlines reminding them that they should try to keep up to date. Bug reports should be limited to bug reports, and not invading out news sites.

Re:SHOCK HORROR- software can have bugs!!

[Master+of+Transhuman]

He doesn't have to.

Some moron Windows troll will do it for him.

Just like you.

Re:Firefox gains market share..

[Master+of+Transhuman]

Excuse me, but "market share increase" != "more security flaws".

That's not even logical.

The flaws were THERE before anybody downloaded the first copy of IE OR FireFox.

And malicious hackers will attack anything they can get their hands on. In fact, FireFox is probably a nice target since it's new (not old news like IE where tons of flaws are already known), has a lot of mindshare (means more "leet" status if you break it), and is different in its design and coding (which means you learn something by breaking it.)

The reason IE HAS flaws is DESIGN, not market share.

When FireFox HAS as much market share as IE, AND has had the SAME number of flaws reported, THEN you can consider saying it was as badly DESIGNED as IE.

I'm not holding my breath either way, because geeks can't program worth shit and neither can corporate slaves.

Re:sorry..

[antiMStroll]

So I have this straight, Slashdot raising historionics and alarm about a theoretical Firefox exploit, and a dupe at that, is 'preaching to the choir'? That's the same choir consistently accused of being anti-Microsoft, pro-OSS? I'ld settle for any explanation how a + 5 Insightful for this AC makes sense.