Mozilla admits Firefox is flawed just like IE

[anandk]

In a public mea culpa, Mozilla Corp.'s chief security officer acknowledged today that Firefox includes the same flaw that the company called a "critical vulnerability" in Internet Explorer during a two-week ruckus over responsibility for a Windows zero-day bug.

We thought this was just a problem with IE," Synder continued. "It turns out, it is a problem with Firefox as well."

*www.computerworld.com.sg/ShowPage.aspx?pagetype=2&articleid=5857&pubid=3&tab=Home&issueid=115

 

[blackpearl]

If you go by the no of vulnerabilities discovered, FF is as insecure as IE.

 

[a_k_s_h_a_y]

ok so now shld i change back to IE...coz my sys does not hav much RAM ??
shall i switch back to IE ??

 

[praka123]

Password vulnerability in Firefox 2.0.0.5

more reasons just out:
Password vulnerability in Firefox 2.0.0.5

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.

The Mozilla team fixed a similar flaw last November, one which did not require JavaScript. The heise Security Web site contains a demo/proof of concept of the vulnerability risk that you can use to determine your vulnerability.
The original flaw was referred to as reverse cross-site scripting and was reportedly widely used on Myspace.com.
Note: A reader has pointed out that MySpace.com does not allow Javascript, as originally reported. The reader is correct, although there do seem to be workarounds which result in Javascript executing on some browsers.
Discussions between heise Security and Mozilla developers describe a debate among Mozilla developers over removing this feature, since "evil" server pages can steal passwords from browsers whether the user has opted for password management by Firefox or not.
Apple's Safari is vulnerable in the same way. Current workarounds include disabling JavaScript in Firefox or avoiding the use of Firefox password management on sites where users are allowed to post JavaScript pages.

*www.linux.com/feature/118166

 

[infra_red_dude]

ok so now shld i change back to IE...coz my sys does not hav much RAM ??
shall i switch back to IE ??

hmmm.... do i see an opera neophyte in the making??!

 

[praka123]

so nobody tried to know the impact of this vulnerability/?
*www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml
^ur passwds stored on FF can be stolen already!!

 

[gxsaurav]

Soo...firefox sux for storing passwords. Thanx god I have AIRoboform in Windows.

Or keychain in Mac OS with 1Passwd

Or <enter name here> in Linux

 

[blackpearl]

I never store passwords in browsers.

 

[RCuber]

@Prakash I will continue here itself.

What kind of encryption does IE , FF and Opera use for storing passwords?

 

[Pathik]

aks_win u r the man.. This is the right time 4 u to try opera..

 

[praka123]

{Linux rants- sry if u dnt get}
@charangk,@linuxuser:
I am yet to use a password manager in Debian/Ubuntu.I hope Gnome-keyring-manager,Gpass etc for Gnome or similar for Kde like kwallet helps. or search synaptic for passwd manager

 

[a_k_s_h_a_y]

hmmm.... do i see an opera neophyte in the making??!

not really...why should i use firefox when it $ucks...(sadly now its bad)
i use it only because efficient adblocking
now i think its available with all browsers

1 thing i liked in firefox is bookmark toolbar !! hope i get this in opera now.
am goin to try using IE 7 and opera now

 

[zyberboy]

so nobody tried to know the impact of this vulnerability/?
*www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml
^ur passwds stored on FF can be stolen already!!

^^This problem is fixed now

 

[pannaguma]

very bad news.

 

[praka123]

^^This problem is fixed now

It aint.as with Ubuntu(2.0.0.5)

 

[hcp006sl]

Opera rocks..........

 

[goobimama]

Firefox is the rats. Even though I use it I despise it. The only reason I sort of promote it, is cause IE is the rodent and there's nothing worse than using IE.

 

[gxsaurav]

Firefox is the rats. Even though I use it I despise it. The only reason I sort of promote it, is cause IE is the rodent and there's nothing worse than using IE.

IE 7's engine is old, that is true. But I guess somebody never used IE 7 "software" on Windows, which in few things beats Firefox (Page zoom, better speed of the software part)

 

[goobimama]

Of course there must be somebody who hasn't used IE software on Windows. But not me. I've tried IE 7 thinking that it would make for installing less software (I don't like lots of apps), but sadly, I don't like it one bit. There's also the thing of the "Stop" button separated from the "back forward" buttons. It stretches out to the other side on my 1920*1200 widescreen. Horrible. Gone back to Firefox. Waiting for safari to show some signs of stability (in Windows) and then make the switch.

 

[als2]

no browser is FLAWLESS but i still feels Firefox is BETTER than internet explorer and opera