Firefox Exploit Adds Fuel to Browser Security Feud

An anonymous reader writes "Washingtonpost.com is reporting that a fairly nasty exploit has been released for a security hole that Firefox patched just yesterday. This is sure to add fuel to the ongoing heated debate over whether Mozilla is any safer the Internet Explorer." From the article: "This is not your run-of-the-mill proof of concept exploit code. It appears to be quite comprehensive, and would allow any attacker to use it with only slight modifications. According to the advisory, the code is designed to be embedded in a Web site so that anyone computer visiting the evil site with Firefox or Netscape would open up a line of communication with another Internet address of the attacker's choice, effectively letting the bad guys control the victim computer from afar."

Re:Browser shmouser

[alienw]

That's nice and all, but Java code runs slow enough to make it impractical for desktop apps. After all, security is nice, but it always comes AFTER usability. I'd say the real problem is sloppy programming.

Patch probably reverse engineered

[geekee]

"Sounds like damn good response time to me! When was this first discovered? How many days total did it take for the patch to be released? Yes, it sucks that the vulnerability was there to begin with, but you have to admit that this is a good demonstration of how well an open source community project can respond."

Yes, the open source community did a great job showing hackers exactly what the problem was, so an exploit could be developed for the unpatched systems. Great work guys.

Re:Even without root things can get nasty

[Zordak]

So I'm guessing you're posting this from your handy BeOS box