Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Internet, Web Apps and Networking

Reply
 
Thread Tools Display Modes
Old 15. Jul 2009, 04:23 PM   #1 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,332
Default Critical Security Vulnerability In Firefox 3.5

A critical security vulnerability has been discovered in Firefox 3.5.

Please read the below link to find out more... and also to fix the vulnerability... atleast for now, until Firefox releases a patch, which will be soon.

http://www.ghacks.net/2009/07/15/cri...n-firefox-3-5/
__________________
Anupam
Anupam is offline   Reply With Quote
Old 15. Jul 2009, 04:38 PM   #2 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,332
Default The fix

The security vulnerability can be fixed by following this:
Type in about:config in the Firefox address bar and hit enter. Type javascript.options.jit.content in the filter box. Double-click it after finding it, to set it to false.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 15. Jul 2009, 05:51 PM   #3 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,306
Default

Do you know if this is still required with NoScript installed?
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 15. Jul 2009, 07:00 PM   #4 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,332
Default

I was thinking the same too, but I really don't have any idea about that.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 15. Jul 2009, 07:49 PM   #5 (permalink)
rikmayell
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by MidnightCowboy View Post
Do you know if this is still required with NoScript installed?
The bug is in the GreaseMonkey 'Just In Time' JavaScript compiler introduced in version 3.5. With NoScript enabled it's not an issue as no JavaScript can be executed for blocked sites. Of course, if you were to unblock a site that had malicious code attached then you'd be 'kippered.' But that's always true (more or less) anyway.
  Reply With Quote
Old 15. Jul 2009, 07:58 PM   #6 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,332
Default

Thanks for the insight rikmayell . So, I think we should be expecting a 3.5.1 release soon from Firefox .
__________________
Anupam
Anupam is offline   Reply With Quote
Old 15. Jul 2009, 08:15 PM   #7 (permalink)
rikmayell
Guest
 
Posts: n/a
Post

Quote:
Originally Posted by Anupam View Post
Thanks for the insight rikmayell . So, I think we should be expecting a 3.5.1 release soon from Firefox .
I imagine quite a few people will be having sleepless nights until they can get 3.5.1 out of the door
  Reply With Quote
Old 15. Jul 2009, 11:47 PM   #8 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,306
Default

Thanks for the info. I only changed back to Firefox so I could use Link Extend. I do wish something similar was available for Opera. I know Opera has a good default security setup but when checking out sites for TSA links there's nothing easier than Link Extend or WOT so I'm a bit stuffed

Downloads are no problem 'coz you can integrate the Dr. Web script but it's so much easier to scan a Google page with red and green dots for the site checks.

Incidentally I made contact with a guy called Suki Takato from Lunascape who was quite chatty until I asked him questions about a security comparison, in particular their own brand surf protection which seems to have died on their website in 2007. The emails stopped coming!

Another one to write off for the time being - three engines or not!
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 16. Jul 2009, 03:45 AM   #9 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 2,003
Default

Time to use SandBoxie more often.. Decreasing my browsing speed is not an option (especially with NoScript as well).
J_L is offline   Reply With Quote
Old 16. Jul 2009, 11:06 AM   #10 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,332
Default

I just hope Firefox does not goes the IE way of being full of security issues. That would be sad
__________________
Anupam
Anupam is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 04:53 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.