digg

Facebook Connect Join Digg About

Update: Possible Vulnerability Reported at Toorcon

developer.mozilla.org More details on the vulnerability found at Toorcon--apparently it is not as 'viable' as previously documented.

Who dugg this? Made popular Oct 3, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

18 Comments

show profanity settings
expand all
  • rawis, on 10/12/2007, -1/+11It's quite funny how basically everyone in tech-media jumped on this. A couple of tech-mags I read that described the threat as confirmed.

    That Firefox isn't "waterproof" is obvious, no software is, but I will say that one of the differences between payware and open-source is that open communities respond to these kind of messages more seriously. That is always positive.
    There is a good reason they used Javascript in there vulnerability claims. This is and will continue to be a possible issue.

    Basically, they went for it, got people talking and now they've set the record straight.
    As long as Mozilla keeps security as a priority they'll continue to grow in popularity.
  • dioxmat, on 10/12/2007, -1/+10"The main purpose of our talk was to be humorous."

    Ahah, nice one.
  • hchaudh1, on 10/12/2007, -1/+8Maybe this is an after the fact damage control since the biggest sponsor of ToorCon is Microsoft (Platinum, no less).
  • jiminoc, on 10/12/2007, -1/+7they're like a white version of kid n play
  • judsond, on 10/12/2007, -0/+6Toorcon also let the fake apple wifi hackers give a speech as well, kinda fishy...
  • socokoolaid, on 10/12/2007, -1/+6Break out the banjo
  • natmaster, on 10/12/2007, -4/+8People are so eager to hear what they want.

    "Oh, my IE isn't any worse than Firefox! The sky is falling!"

    Oy.
  • sremick, on 10/12/2007, -1/+3This is the best summary of the security comparisons between IE and Firefox I know of. It's kept up-to-date and tabulates numerous metrics based upon Secunia.

    Despite the anti-Firefox FUD that some questionably-funded groups might try to spread, that site helps keep things in-perspective.
  • mvent2, on 10/12/2007, -3/+5So they were just trying to enlarge their e-penis?

    To MoFo and devs: If they do in fact have vulnerabilities, let them use them. You'll have sufficient proof from this talk alone to lock them up and throw away the key once they get caught, and once the exploits get out there you'll be able to analyse them yourself and fix them, thus not needing to give away $500.

    They're just digging very deep holes for themselves. For blackhats, they're certainly very dumb.
  • count, on 10/12/2007, -2/+4Be sure to mark http://digg.com/security/Firefox_JavaScript_security_a_complete_mess as Inaccurate! We don't want those kinds of lies spreading.
  • schestowitz, on 10/12/2007, -0/+1 THAT FIREFOX SECURITY HOLE IS A HOAX

    http://www.heise-security.co.uk/news/78970

    Firefox flaw overrated

    ,----[ Quote ]
    | I do not have 30 undisclosed Firefox vulnerabilities, nor did I
    | ever make this claim. I have no undisclosed Firefox
    | vulnerabilities. The person who was speaking with me made this
    | claim, and I honestly have no idea if he has them or not.
    |
    | I apologize to everyone involved, and I hope I have made
    | everything as clear as possible.
    `----

    http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/

    Who could possibly support such FUD? Yes, you've guessed it right.

    ToorCon ("Firefox security is a mess") sponsored by Microsoft

    ,----[ Quote ]
    | Lately, I read the headline: "Open Source browser Firefox is so
    | critically flawed that it is impossible to fix, according to two
    | hackers." Further on, in the ZDNet article I read: "The hackers claim
    | they know of about 30 unpatched Firefox flaws. They don't plan to
    | disclose them, instead holding onto the bugs."
    |
    | Since that sounds suspicious, I decided to start searching for
    | connections with MS. Easy enough, here it is...
    `----

    http://lxer.com/module/newswire/view/70873/index.html
  • GrinningFool, on 10/12/2007, -2/+3And while we're at, "can't we all just get along"?
  • halleyscomet, on 10/12/2007, -1/+2Translation: Mischa Spiegelmock is one of the following:

    A miserable little ***** who so pathetic and desperate for attention that he's willing to make up whatever random nonsense he can to get people to notice him, despite his complete lack of anything remarkable or unique in his personality or accomplishments.

    An immoral bastard who sold the exploit to a criminal organization or spy happy government and is now lying through his teeth to lull people into a false sense of security.

    Actually building the darknet he "joked" about and doesn't want his best infection vector patched.
  • sremick, on 10/12/2007, -1/+1Bah, forgot the link:

    http://www.webdevout.net/security_summary.php
  • Mambo, on 10/12/2007, -1/+1Water resistant maybe?
    Hydrophobic even?
  • jetsetter, on 10/12/2007, -4/+3Tools.
  • TechnoGuyRob, on 10/12/2007, -9/+3What about this pair?

    http://img349.imageshack.us/img349/9301/dupesdj9.png

    Seriously, frontpage dupes right next to each other?
  • socokoolaid, on 10/12/2007, -9/+1so gay

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.