Mozilla Firefox 1.0.7 DoS Exploit
An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""
Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.
Take installation. Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".
Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:
User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in
User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"
So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.
I'm running 1.5 as firefox states, if i'm right that version 1.0.7 is very old!
firefox is cool, stop digging up old sh*t!
I only pointed out that the header doesn't agree with the text, I never even mentioned the article.
Firefox zealot down!!!!
"I'm running the latest beta, if you don't then you deserve to have all the nasty exploits"
You make it sound like 1.0.7 is 6 months old and there have been 3-4 version updates since then.
Way to share your ignorance with everyone..
whenever there is a firefox exploit, /. is understanding, and people say things like "well no software is perfect... its rare and hard to do, not really an explot... ". When there is an IE exploit its, "MS Sucks, IE Sucks, and if you use IE your computer is going to blow up, not to mention global warming will continue"...
I exaggerated a bit there, but you know what I'm saying. Why not offer equal critiques, and understanding, for any product regardless. I have a few macs for web testing but don't really like them, but it doesn't stop me from saying that there are some things that apple does a damm good job with. IE isn't a horrible web browser, it may not be as cutting edge with functionality today as firefox, but it isn't all bad. And before you scream standards, only do it if you include safari, and all the other browsers that have "standards" problems.
Firefox on Linux randomly crashes during normal web browsing at least a half dozen times per day anyway. What is so significant about another way to make Firefox chew CPU? There are LOTS of ways to do that.
within a week.
I wonder how long it would take Microsoft if this happened to them. What? Theres already dozens of known exploits for the worlds #1 browser, and the multi billion dollar company behind it doesnt do anything about it?
Impossible.
-Copyright law #69:Whenever Mickey Mouse is about to enter the public domain,copyrights get extended by 25 years.
Oddly enough, about the same length of time as has passed since Microsoft realised their stranglehold on web browsers was slipping.
One day Redmond reformed the IE development team to try and stem the tide. The next, stories like this one started cropping up with penny-ante firefox exploits being made into front page news. Just as though crushing your browser was comparable in scale to rooting your network...
Purely co-incidental, of course...
Don't let THEM immanentize the Eschaton!
Or switch back to opera. Regardless, rediscover the wide world of web advertising!
So we're supposed to ignore it? If this was IE, you'd be screaming blood.
"Sufferin' succotash."
Correct !!
Where we have a crash, we can also potentilly have crafted instructions as well.
Buffer overflow are buffer overflows
The CPU's program counter of a running program was altered and the wrong instructions were forced to be executed by the CPU
Although the instructions may just crash a program . with another set of crafted bytes and it becomes capable of potentially running any arbitrary code
That is the basis of any buffer overflow.
A buffer overflow, is simply that :
The CPU executed unwanted instructions , and they can be anything.The CPU read them as valid when they were not wanted
Mozilla
i maybe wrong here...but as far as i know, whenever there's a new security update, why is it that one has to download a whole new version of firefox? in this respect, at least, MS did a better job that mozilla. u only had to download the security update and not a whole new version of IE for these updates(i know...i know...plz dont rant about the problems with IE's updates themselves). all i want to know is, why can't mozilla do the same?
Chaitanya a.k.a PaRAdoX