Gizmos Freeware Reviews  

20. Oct 2010, 08:50 PM   #111
Anupam
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,323

No idea about that, Concerned User. I can't see anything about it in the release notes:

http://www.mozilla.org/security/know...#firefox3.6.11

Will check later for PSI advisories in a day or two.
__________________
Anupam
20. Oct 2010, 09:22 PM   #112
26Dolphins
Senior Member
Join Date: Nov 2009
Posts: 445

Hi,

Did the update with the full installer and choosing "custom". Interesting, since Firefox is already installed, the installer changes the "next" tab to "upgrade" after a certain point.

Quote (originally posted by Anupam):
> ... It might also be fixing the security vulnerability, which has been reported by Secunia since long.

It did, Secunia PSI lists Firefox 3.6.11 under "Patched" and has also updated the Advisory.

Cheers
__________________
26Dolphins
20. Oct 2010, 10:39 PM   #113
bo.elam
Senior Member
Join Date: Nov 2009
Posts: 1,714

Quote (originally posted by 26Dolphins):
> Hi,
>
> Did the update with the full installer and choosing "custom". Interesting, since Firefox is already installed, the installer changes the "next" tab to "upgrade" after a certain point.
>
> It did, Secunia PSI lists Firefox 3.6.11 under "Patched" and has also updated the Advisory.
>
> Cheers

I also saw the change to upgrade at a certain point, like you did. Over the top worked fine.

Bo
20. Oct 2010, 10:50 PM   #114
bo.elam
Senior Member
Join Date: Nov 2009
Posts: 1,714

Quote (originally posted by Anupam):
> I always download the setup, which generally gets available before the internal updater alerts you of the new version. I have always updated by downloading the setup, and never had any problem.
>
> I follow this practice for the other software too. Though recently, I started to update Avast antivirus from the automatic updater. That way, update is performed in no time, and very few data is downloaded. Although, I still download the setup separately.

I always do it, unlike you, by using the updater from within FF, it's just that this time it was troublesome. The way I update software depends on the software that I am updating and FF is one that I have always found easy to upgrade using the updater. Software like CCleaner and Sandboxie I always do over the top and don't use their updaters. To me, the way I update software depends on how I am used to doing the update for that particular software. Updating Avast was always easy and I did it using their updater manually and like you I usually DL the setup, each time that a new version came out.

Bo
27. Oct 2010, 08:08 AM   #115
Concerned User
Senior Member
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486

(Sighs deeply)....

Here we go again:

A "0" day vulnerability has been discovered in Firefox. This affects the latest version, 3.6.11, also. More details here:

http://www.theregister.co.uk/2010/10...x_0day_report/

Since I'm using NoScript, it's not a big problem. Alternatives include disabling JavaScript completely. The Mozilla guys are aware of this and hopefully we should see a patch soon. The Minefield builds are supposed to be "unaffected". More details:

http://blog.mozilla.com/security/201...d-firefox-3-6/
27. Oct 2010, 02:46 PM   #116
Anupam
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,323

Thanks for this information, Concerned User.

I had not been using NoScript for a long time. But, after reading this news, I just now downloaded NoScript. It's better to be safe in cases of zero day exploits. If I do not feel any difference in browsing speed with NoScript, I may keep it, or I will uninstall it, once Firefox releases a patch.
__________________
Anupam
27. Oct 2010, 03:15 PM   #117
Anupam
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,323

I noticed while looking at the options of NoScript, that by default, IFrame is allowed.

The vulnerability which has been found on Firefox, and on the Nobel Peace site, makes use of IFrame. So, IFrame should be checked so that NoScript blocks it by default too.

What about Frame?
__________________
Anupam
27. Oct 2010, 06:26 PM   #118
Taurus
Senior Member
Join Date: Jul 2009
Location: Northeast US
Posts: 476

Sounds to me like a LUA and/or a sandboxed, reduced rights Firefox would have defeated the 0 day exploit flat.
27. Oct 2010, 08:27 PM   #119
Anupam
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,323
Firefox 3.6.12

I just saw Firefox 3.6.12 available on Kaldata, and FileForum. So, seems like Mozilla might have released a fix for the zero day vulnerability. The download is not yet available officially on the Mozilla site, and so I haven't read the release notes, so can't say for sure. But, this is a very quick release, so chances are that the vulnerability must have been patched.

If that's the case, I must say that it's quite impressive how soon they released the fix.
__________________
Anupam
28. Oct 2010, 03:52 AM   #120
bo.elam
Senior Member
Join Date: Nov 2009
Posts: 1,714

Quote (originally posted by Anupam):
> I noticed while looking at the options of NoScript, that by default, IFrame is allowed.
>
> The vulnerability which has been found on Firefox, and on the Nobel Peace site, makes use of IFrame. So, IFrame should be checked so that NoScript blocks it by default too.
>
> What about Frame?

I always have IFrames and Frames settings checked. They are not checked by default because they used to make a mess when doing their work but that is not the case now.
These settings also help protect against clickjacking.

Bo


All times are GMT +1.

