Firefox 3 Vulnerability Found

[Peter]

A new vulnerability has been found within Firefox 3. The vulnerabilty it seems was known about prior to release however the person who found it decided not to post it until the browser was released. The vulnerability enables an attacker to take over a users pc and is considered a high severity bug.

Just hours after the official release of the latest refresh of Mozilla’s flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox3.0 users at risk of PC takeover attacks.

http://blogs.zdnet.com/security/?p=1288

 

[Hurley4540]

Wow.... thats bad!!!

And wonder how much he sold that for :O!!?

 

[wikes82]

Great 8.2 million pc are vulnerable... nice...

 

[Hurley4540]

Wonder if FF staff fixed this yet

 

[DebX420]

Thanks :D

Now, Im not going to upgrade until this is solved.

 

[Hurley4540]

Thanks :D

Now, Im not going to upgrade until this is solved.

:hehe: Good idea.

 

[edbrown]

Hopefully mozilla will roll out and patch quickly - within the next couple of days. They have been good in the past with things like this.

 

[thebrokenbox]

Wow, already a vulnerablility. Hopefully Mozilla fixes it fast. Don't want my computer at risk.

 

[labrocca]

Why it's ALWAYS a bad idea to upgrade immediately.

 

[weblord]

very scary, i stick with my oldies program

..post it until the browser was released. The vulnerability enables an attacker to take over a users pc and is considered a high severity bug.



http://blogs.zdnet.com/security/?p=1288

 

[aceeca]

Why it's ALWAYS a bad idea to upgrade immediately.

FROM the article

According to a note from TippingPoint’s Zero Day Initiative (ZDI) , a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

It also affects FF2.0.X

 

[Bruce_KD]

Great 8.2 million pc are vulnerable... nice...

According to the article, it also affects previous versions (2.X).
That means its probably in the hundreds of millions.
For example all the computers at the highschool I just graduated from had Firefox installed, but my guess is they didn't all download 3.0 yesterday.

From www.spreadfirefox.com:

Firefox downloads:
579137807

That's over half a billion downloads.


Bruce

 

[snowbird]

Dang. It is a good thing I use Opera.

 

[Peter]

Going by the wording it looks like it was repaired in version 2 but resurfaced in version 3.

 

[Element]

Another reason why its a bad idea to upgrade after a major release. I guess I will have to go back to using Opera until this whole ordeal is sorted out, since I really don't want to risk having my computer being overtaken. :P

 

[Keral_Patel]

"Technical details are being kept under wraps until Mozilla’s security team ships a patch." LOL so we don't even know what hit us.

 

[Peter]

"Technical details are being kept under wraps until Mozilla’s security team ships a patch." LOL so we don't even know what hit us.

They rarely release details until it is fixed. Problem is though as it is an old bug that has resurfaced wouldnt be that difficult to look through bugtracker to find the same problem that occured in V2

 

[1NiteStand]

Good thing I use Internet Explorer!

Hah, kidding.

 

[duceman]

Good thing I use Internet Explorer!

Hah, kidding.

What is this "Internet Explorer" I've never heard of it :D

 

[Janine]

Dang. It is a good thing I use Opera.

is Opera good?
lol.. I wanna transfer to opera from FF 3.

omg.
why did I ever read that thread about the Firefox Download Day!!! lol.