Slashdot Mirror


Unpatched Firefox Flaw May Expose Users

Corrado writes "CNET is reporting on a new Firefox flaw." From the article: "The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday. He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site...The public bug disclosure comes just as Mozilla released the first beta of Firefox 1.5. The final release of the next Firefox update, which includes security enhancements, is due by year's end, according to the Firefox road map."

  1. This is impossible! by pdpTrojan · · Score: 2, Funny

    Firefox is open source... how can it have a bug in it? Lol, they must have meant Internet Explorer!

    Everybody knows that security flaws are only available in Microsoft products. I read it on Slashdot!!! It has to be true!!!

    1. Re:This is impossible! by Wontsomebodypleaseth · · Score: 0, Funny

      You Sir are an idiot

      --
      If You can read this sig you are on the internet
    2. Re:This is impossible! by Anonymous Coward · · Score: 1, Funny

      No, he's a Windows troll. They are rare, we should put him in a cage for everyone to see.

  2. Expose users? by jdray · · Score: 4, Funny

    Did anyone else have a sudden concern that using Firefox would cause you to be "pants'ed"?

    --
    The Spoon
    Updated 6/28/2011
    1. Re:Expose users? by .sig · · Score: 5, Funny

      I'm counting on it, I'm passing out copies of firefox to all the women I know....

      --
      -Space for rent
    2. Re:Expose users? by Anonymous Coward · · Score: 0, Funny

      So that's one person (including your mom) then?

    3. Re:Expose users? by iceborer · · Score: 5, Funny

      Since you're a /. member, I would have thought you'd installed Firefox for your mom and little sister already.

    4. Re:Expose users? by sootman · · Score: 5, Funny
      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
    5. Re:Expose users? by Anonymous Coward · · Score: 1, Funny

      Damn you, I clicked on that link!

    6. Re:Expose users? by Jerry · · Score: 2, Funny

      Sorry, that URL didn't work. :-)

      404: File Not Found /patch-to-fix-the-problem-with-firefox-where-long-URLs-with-lots-of-hypohens-can-cause-bad-things-to-happen-like-the-browser-will-crash-and-stuff.html

      We are sorry, the file you requested could not be found.

      Referring page:

      http://it.slashdot.org/article.pl?sid=05/09/09/1336253&threshold=0&tid=128&tid=154

      The link you clicked to get here is either misspelled, outdated, or may just never have existed. You can use the links on this page or the search Mozilla feature at the top to find the document to find what you were looking for. You may want to notify the webmaster of the referring page of the dead link.

      --

      Running with Linux for over 20 years!

  3. Patent infringement by confusion · · Score: 4, Funny

    I thought MS had a patent on unpatched browser flaws?!?!?

    Jerry
    http://www.cyvin.org/

  4. more info at by jbeaupre · · Score: 2, Funny

    more information on the bug at: www.youissostupid.ru/scriptyuiopuioqwhjklfashuiopyuiopuiopuiopuouihjklasd-2789789-hfsjadkhuiof

    --
    The world is made by those who show up for the job.
  5. Re:Flaws by Anonymous Coward · · Score: 1, Funny

    How on earth can the first post be redundant?

  6. Year's end? by Swamii · · Score: 2, Funny

    This is why open source is better! M$ expects me to wait until year's end for a patch?! What am I supposed to do until then, hide in a cave?

    What's that you say? This isn't an article about Microsoft?

    Oh, nevermind then.

    --
    Tech, life, family, faith: Give me a visit
  7. Re:not crashing by kryten_nl · · Score: 2, Funny

    Clippy: 'If you would like to see the BSOD: create a new Word document, make it 50 pages long and try to save.'

    --
    For the perfect anti-Unix, write an OS that thinks it knows what you're doing better than you do and let it be wrong.
  8. Similar Bug by MobileMrX · · Score: 3, Funny
    I saw a similar bug IRL.

    This guy was driving and navigated to a bunch of yellow dashes in succession.

    This method of action caused his car to crash.

    I've only been able to replicate this bug on roads with > 2 cars.

    Anyone experience this?

    /waiting for roads v1.5

  9. Firefox is the fix for Internet Explorer problems. by CyricZ · · Score: 3, Funny

    Indeed. The main update/fix for Internet Explorer-related problems is Firefox. So that should always be the first solution proposed. That in turn directly leads to my proposal: always keep your non-technical friends' Firefox installations up to date.

    --
    Cyric Zndovzny at your service.
  10. Patch available by Frankie70 · · Score: 3, Funny

    You can download a fix here

  11. Re:It should be noted by Delphiki · · Score: 5, Funny
    So if person P is skeptical of claim C about entity E, then it logically follows that P thinks that E "can do no wrong"? That sounds like a fringe-whacko line of thought to me.

    You don't really want to get into the business of pointing out wackos on slashdot. It's easily a full time job and it doesn't pay.

    --

    Feel free to mod me "-1 - Angry Jerk".

  12. Re:exploits? by sbrown123 · · Score: 2, Funny

    I take that back. I did find one of his recent exploits (actually it's a DoS) that Microsoft actually made a patch for:

    http://www.microsoft.com/technet/security/bulletin/MS05-041.mspx

    The funny thing is his note: "As I previously reported, there is a remote kernel denial of service vulnerability with the Remote Desktop Services protocol which affects every version of Microsoft Windows. "

    Last time I checked, RDP is not on older versions of Windows. Again, blown out of proportion for such a minor bug.