digg

Facebook Connect Join Digg About

Security Flaws Discovered in Firefox 3.0

news.softpedia.com Vulnerabilities could affect over 14 million computers.

Who dugg this? Made popular Jun 23, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

276 Comments

show profanity settings
expand all
  • toe_head2001, on 06/23/2008, -33/+306And how many computers are affected by flaws in IE?
  • inactive, on 06/23/2008, -41/+249RE:RE:RE:RE:RE:RE: Hotmail Users Caution. URGENT

    Hotmail is getting sold by microsoft to a group of hackers in zimbabwe! Digg this message up, and shout to all of your friends.
    If you send to 40 friends in the next month, come back and your thumbs up icon will turn BLUE.
    That's right, BLUE, *****. You know what that means? You will still have virus protection!
    I have a degree in both Software Virology, and in Human Psychology. THIS IS REAL.


    let's just say, I fear more for all the stay-at-home mothers, grandmmothers, and children, and their Internet surfing habits. These security holes are great to inform the public about, but with the open source updates that Mozilla has, I'm sure they will find a way to patch this up pretty quick.
    Viva la Fox

  • mrblue182, on 06/23/2008, -8/+151"A vulnerability in Firefox that impacts versions 2.x and 3.0"

    It's not new.
  • ccheath, on 06/22/2008, -6/+146"TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There is no public exploit, the details are private, and so the current risk to users is minimal."
  • Melodik, on 06/23/2008, -3/+118I use a DOS-based web browser that renders everything in ASCII. I am the most secure!
  • frontporsche, on 06/23/2008, -0/+87It's suspicious that they notified Mozilla 5 hours after release, when TippingPoint had had access to the beta version of Firefox 3 for months.
  • frontporsche, on 06/23/2008, -1/+53I see one possible reason: ZDI pays the researcher based on how widely the product is distributed, thus encouraging researchers to wait before reporting problems. http://www.zerodayinitiative.com/about/benefits/
  • fLUx1337, on 06/23/2008, -4/+52The problem with this, is the people who find the flaws deliberately wait until its gone gold to release the information. I guess its for more publicity - no story with this title would have got onto the front page while FF3 was in beta!
  • hoodedrobin, on 06/23/2008, -2/+50They did this to make MONEY...

    Mozilla team pays you if you find a zero day exploit... That is why they waited for the first day of FF3 to be released so they could make MONEY...

    Do some research, they have known about this exploit probably since ff2 being as this is related to both FF 3.x and 2.x
  • hinchb, on 06/23/2008, -4/+50NoScript.
  • boydrew, on 06/23/2008, -3/+47yeah...i hate program upgrades that take less memory to run and that are more stable and reliable....what a waste of my time...
  • MavRevMatt, on 06/23/2008, -4/+45Begun the browser wars has.
  • Melodik, on 06/23/2008, -9/+45Computers affected because they use IE are more affected because of inane user stupidity than anything else.

    LET THE BROWSER WARS COMMENCE.
  • chanop, on 06/23/2008, -0/+34Is there someplace I can wire money to stop this hotmail problem?
  • vsujohn2, on 06/23/2008, -12/+43What the *****?
  • inactive, on 06/23/2008, -0/+30You have obviously never been hit with an ansi bomb...
  • pHreaksYcle, on 06/23/2008, -1/+31:P If you don't get it, you haven't been on teh_internetz in a while. :P
  • Shootfast, on 06/23/2008, -0/+26( . Y . )
  • DeathGod321, on 06/23/2008, -4/+29re:RE:RE:RE:RE:RE:RE: Hotmail Users Caution. URGENT

    Hey fudged71,
    I got your message and I am SHOCKED!
    More importantly, I'm after that blue thumbs up icon.
    :)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    I guess this counts as one! 39 more to go.....

    -With Love,
    Bridge Master Bertha

    >Hotmail is getting sold by microsoft to a group of hackers in zimbabwe!
    >Digg this message up, and shout to all of your friends.
    >If you send to 40 friends in the next month, come back and your thumbs up icon will turn BLUE.
    >That's right, BLUE, *****. You know what that means? You will still have virus protection!
    >I have a degree in both Software Virology, and in Human Psychology. THIS IS REAL.


    >let's just say, I fear more for all the stay-at-home mothers, grandmmothers, and children,
    >and their Internet surfing habits. These security holes are great to inform the public about,
    >but with the open source updates that Mozilla has, I'm sure they will find a way
    >to patch this up pretty quick.
    >Viva la Fox
  • questionable, on 06/23/2008, -3/+26Responsible disclosure is always preferred over full disclosure.

    Of course, if Mozilla doesn't fix the flaw in a timely fashion, then they should release it to the public to cause people to apply pressure to Mozilla.
  • elipabst, on 06/23/2008, -0/+23Shhh, he still thinks I'm a royal heir to the throne of Nigeria!
  • damntourists, on 06/23/2008, -0/+23 ) . (
    ( v )
  • ebrandsberg, on 06/23/2008, -0/+22This isn't an issue that came with version 3--it was present in 2.x as well. As such, pretty much all firefox revs are impacted, not just the 14M that have been downloaded since 3.0 was released. It is suspicious that this came up right after 3.0 was released though--someone was fishing for publicity on this.
  • DeathGod321, on 06/23/2008, -0/+20Just a followup:
    http://img131.imageshack.us/img131/8933/67025950ff ...
    It worked, bitches.
  • MattBot5000, on 06/23/2008, -2/+21Okay, so they found one security flaw and that makes FF3 the most unsecure browser? You're kidding, right?
  • inactive, on 06/23/2008, -3/+22any system open to the world wide web is vulnerable.... hmmm.... there is always a way in , if there is a way out... ????
  • Skootles, on 06/23/2008, -0/+19ESC [13;27;13;"del *.*";13p
  • inactive, on 06/23/2008, -0/+16RE:re:RE:RE:RE:RE:RE:RE: Hotmail Users Caution. URGENT

    Thanks DeathGod321,
    I don't actually know what this is... I just sent it along because it said so! XD
    (¯`v´¯)
    `*.¸.*´
    ¸.•´¸.•*¨) ¸.•*¨)
    (¸.•´ (¸.•´ .•´ ¸¸.•¨¯`•
    _____****__________**** ______
    ___***____***____***__ *** ____
    __***________****________***____
    _***__________**__________***__
    _***____HEART_FULL_OF______***_
    _***________LOVE__________***_
    __***____________________***___
    ___***__________________***____
    ____***_______________***_____
    ______***___________***_______
    ________***_______***_________
    __________***___***___________
    ____________*****_____________
    _____________***_____________
    ______________*_____________

    >Hey fudged71,
    >I got your message and I am SHOCKED!
    >More importantly, I'm after that blue thumbs up icon.
    >:)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    >I guess this counts as one! 39 more to go.....

    >-With Love,
    >Bridge Master Bertha

    >>Hotmail is getting sold by microsoft to a group of hackers in zimbabwe!
    >>Digg this message up, and shout to all of your friends.
    >>If you send to 40 friends in the next month, come back and your thumbs up icon will turn BLUE.
    >>That's right, BLUE, *****. You know what that means? You will still have virus protection!
    >>I have a degree in both Software Virology, and in Human Psychology. THIS IS REAL.


    >>let's just say, I fear more for all the stay-at-home mothers, grandmmothers, and children,
    >>and their Internet surfing habits. These security holes are great to inform the public about,
    >>but with the open source updates that Mozilla has, I'm sure they will find a way
    >>to patch this up pretty quick.
    >Viva la Fox
  • ssavoy, on 06/23/2008, -5/+21OVER 9000!!!!
  • SharkAtlantis, on 06/23/2008, -7/+22I'm a firefox user and I don't understand why this story is on the front page..

    Every software has vulnerabilities.
  • PopcornDave, on 06/23/2008, -0/+15That's nothing. I've got a Sinclair hooked up to an Etch-A-Sketch. I'm safer than you.
  • brotherfranciz, on 06/23/2008, -2/+17Ha, all the Firefox fanboys are getting so defensive. There is no need to be, this is a news article - it's just reporting on what was found, the article is not implying that Firefox is a ***** browser.
  • kansai22, on 06/23/2008, -12/+26Opera WTF
  • crapmatic, on 06/23/2008, -0/+13Real men put fdisk in their autoexec.bat file.
  • Ronsardinho, on 06/23/2008, -5/+19Why do you feel the need to make this an IE vs. Firefox issue? The point of the article is not to bash Firefox and promote IE; it's simply to report a flaw in Firefox 3.0.

    I've used Firefox 3 since its beta version and I love it. However, I appreciate being informed of flaws so I can protect myself accordingly.
  • inactive, on 06/23/2008, -0/+13Official Mozilla Security Bug Bounty Program
    $500 Cash Reward + One T-shirt

    Reference: http://www.mozilla.org/security/bug-bounty.html
  • inactive, on 06/23/2008, -0/+13Official Mozilla Security Bug Bounty Program:
    "Found a critical bug? Don't disclose it to the public, instead report it to us. We'll give you $500 Cash Reward + one cool T-shirt."

    Reference: http://www.mozilla.org/security/bug-bounty.html
  • Archer007, on 06/23/2008, -2/+15Have.
  • ParanoydAndroid, on 06/23/2008, -0/+12lexdysic much?
  • chanop, on 06/23/2008, -0/+11ventralnet makes a good point. I had an addon that wouldn't work with firefox 3.0, and ff3 was crashing a lot and acting strange first couple of days until I completely uninstalled all addons that were unavailable for ff3. Works like a beast now
  • Hunkadoodle, on 06/23/2008, -4/+15"Of course, if Mozilla doesn't fix the flaw in a timely fashion, then they should release it to the public to cause people to apply pressure to Mozilla."

    Sounds like extortion to me.
  • ventralnet, on 06/23/2008, -1/+12strange... v2 gave me a lot of crashes but 3 is solid. Did you enable add-ons that it said weren't compatible with v3?
  • DeathGod321, on 06/23/2008, -0/+10DAMN IT ALL!
  • Fergy, on 06/23/2008, -1/+11Instead of digging some stupid softpedia article just digg Mozilla's security blog:
    http://blog.mozilla.com/security/2008/06/18/new-se ...
  • pHreaksYcle, on 06/23/2008, -2/+12LET THE BROWSER WARS COMMENCE.

    Unless commence now means "continue", you're wrong...

    Browser war has been happening since Netscape etc...
  • AzureRise, on 06/23/2008, -1/+11You ***** perverts, I'll digg you both.
  • h4mx0r, on 06/23/2008, -0/+9Every browser has flaws, the question is how fast are they patched.
  • ccheath, on 06/22/2008, -3/+12you're still vulnerable see my quote from the mozilla security blog below
  • Ajajadude, on 06/23/2008, -0/+9You're amazingly ignorant of what the new version updated. Sorry if you expect changes that revolutionize web browsing with every update.
  • elipabst, on 06/23/2008, -0/+9They have one of the fastest turn around times for releasing patches of all the major vendors. You really think Microsoft or Apple are better?

    Also, FF2 is vulnerable to this as well according to the article and Secunia.
  • Fetching more discussions...
    Show 51 - 100 of 286 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.