Security vulnerability in Firefox

Rik · Aug 14, 2007, 10:05:50

El Reg is reporting a potential problem with FF. "A security researcher has discovered a vulnerability in Firefox that could allow criminals to remotely siphon private information stored in plugins and call sensitive functions."

The report goes on to say, "A Mozilla spokesman said the organization is investigating the report. As usual, the best workaround in the interim is NoScript, provided the site exploiting site has not been authorized to run javascript. ®"

Lance · Aug 14, 2007, 10:27:14

It seems to me that the vulnerabilities in Firefox are appearing as quickly as they do in IE!

Rik · Aug 14, 2007, 10:28:04

I suppose it's inevitable as the user base expands, Lance.

Inactive · Aug 14, 2007, 10:34:44

This was part of my reasoning for using Opera for online transactions, less users, so arguably less vulnerable, that's my theory, not sure if there is any strength in it.

Lance · Aug 14, 2007, 10:38:15

Indeed it is.

What I like about it is that the people using FF, as they think it to be more secure than IE, are actually not that much better off!

J!ll · Aug 14, 2007, 13:19:49

So now I must change to Opera? $:-\$

Rik · Aug 14, 2007, 13:25:41

Not if you're careful what you do, Jill. For absolute security, run the NoScript add on.

Ray · Aug 14, 2007, 13:32:06

I will continue to use Firefox as Rik says also using the Noscript add-on.
I can't change to Opera as I use Roboform for storing my passwords and logins and Opera is one of the few Browsers that doesn't work with Roboform

J!ll · Aug 14, 2007, 13:46:38

Quote from: Rik on Aug 14, 2007, 13:25:41
Not if you're careful what you do, Jill. For absolute security, run the NoScript add on.

Oops, done, ta

Rik · Aug 14, 2007, 14:14:05

One thing we shouldn't lose sight of is that there are no recorded attacks using this technique as yet, only a proof of concept. The chances are that, by the time anyone is in a position to exploit the vulnerability, it will have been patched.