Firefox 2.0.0.5 Released

Status
Not open for further replies.
OP
praka123

left this forum longback
^The updated version will eventually be shown in Synaptic. Though if you're installing from the web, install to /usr/local/firefox/ rather than into your /home/username dir.
 

RCuber

The Mighty Unkel!!!
Staff member
praka123 said:
^The updated version will eventually be shown in Synaptic. Though if you're installing from the web, install to /usr/local/firefox/ rather than into your /home/username dir.

Thanks for the tip. Will do that.
 
OP
praka123

left this forum longback
Flaw Found!!!

Vulnerabilities in another Firefox release too :x I tried it and I have to say it sucks, as with this example website :x
*www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml
According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.

The Mozilla team fixed a similar flaw last November, one which did not require JavaScript. The heise Security Web site contains a demo/proof of concept of the vulnerability risk that you can use to determine your vulnerability.
The original flaw was referred to as reverse cross-site scripting and was reportedly widely used on Myspace.com.
Note: A reader has pointed out that MySpace.com does not allow Javascript, as originally reported. The reader is correct, although there do seem to be workarounds which result in Javascript executing on some browsers.
Discussions between heise Security and Mozilla developers describe a debate among Mozilla developers over removing this feature, since "evil" server pages can steal passwords from browsers whether the user has opted for password management by Firefox or not.
Apple's Safari is vulnerable in the same way. Current workarounds include disabling JavaScript in Firefox or avoiding the use of Firefox password management on sites where users are allowed to post JavaScript pages.
*www.linux.com/feature/118166
So... this time it's serious flaws!
 

RCuber

The Mighty Unkel!!!
Staff member
Thank god I don't use much of the password management in FF. Is this vulnerability there in 2.0.0.4 also? Really scary, man!!!
 
OP
praka123

left this forum longback
Make a master password or disable Java are the options currently available. I hope some browsers like Konqueror (KHTML) or gtkhtml-based browsers arise. Gecko browsers seem very vulnerable these days!
 