Friday

Firefox vulnerability discovered



Well, a vulnerability was discovered in Firefox, not just version 3. But timing wise, just after the launch of version 3, it isn't good PR for it's security. Details are still sparse till the patch is released.

From SANS ISC:

Firefox, up to and including the just-released Firefox 3, has a vulnerability. Details about the exact nature of the bug are being withheld until a patch is made available.

Additional coverage of the issue can be found at:

http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
http://news.yahoo.com/s/pcworld/20080619/tc_pcworld/147277
http://secunia.com/advisories/30761/
http://www.f-secure.com/weblog/archives/00001458.html
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9100878&intsrc=hm_list
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9100558&intsrc=hm_list

But they did fix one thing in FF3 (according to Jeremiah Grossman).

Darn, they fixed the Ajax referer spoofing in Firefox 3. Didn't think they even knew about that problem

From this twitter page. Yes, he joined the Twitter crowd. Welcome and nice to see you between our midst.

No comments: