Firefox Exploit Adds Fuel to Browser Security Feud
An anonymous reader writes "Washingtonpost.com is reporting that a fairly nasty exploit has been released for a security hole that Firefox patched just yesterday. This is sure to add fuel to the ongoing heated debate over whether Mozilla is any safer than Internet Explorer." From the article: "This is not your run-of-the-mill proof of concept exploit code. It appears to be quite comprehensive, and would allow any attacker to use it with only slight modifications. According to the advisory, the code is designed to be embedded in a Web site so that any computer visiting the evil site with Firefox or Netscape would open up a line of communication with another Internet address of the attacker's choice, effectively letting the bad guys control the victim computer from afar."
Yeah, the Mac/Windows integration complaint by most sysadmins is total bullshit. They are almost fully integrable now and it really isn't that hard to do. OS X.3 really made this a fairly simple thing to do on a PROPERLY set up ActiveDirectory Domain (if there truly is such a thing). If said company is running a non-AD domain they could keep the headache and save the money by setting up a domain on a Linux server. But most sysadmins are afraid of what they do not understand, which is part of the reason why there are still some places using Novell instead of having switched fully over to Windows-based storage servers.
This is sort of the same thing that has happened with large companies sticking with Windows 2k and in some rare cases NT. Sysadmins seem to like to keep things the same and never change; after all, if you are MCSE for NT Server, why bother getting an updated MCSE for 2003 and upgrade your servers? Forget that you'll have a much harder time getting a job without an updated MCSE.
This actually reminds me of a former place of work, and if you are interested in learning more about this former place of work that is part of the public education system, feel free to send me messages; not signing NDAs is such a nice thing. Anyway, our IT manager had a single certification, for, of all things, Novell. This man does not even know how to reset passwords in an AD domain, and to make things worse takes all the cred from the real employees and of course blames them for what are usually his mistakes.
Let us say that this former place of work was switching to an all AD domain, ridding themselves completely of Novell (including GroupWise), and finally getting Exchange. The problem I have heard is that this change, which was supposed to be done by Feb. or March of this year, has halted and is almost moving in reverse. This is by and large because of the lack of knowledge and poor management of not only my individual organization's manager but other managers as well.
So fear of change, this is what keeps them from changing. Back to the topic at hand, can this exploit do anything serious to Linux users who are smart and don't run as root?
"Some days you just can't get rid of a bomb."