d0p3d4n

pwnzilla

8 posts in this topic

Interesting. I know the IDN vuln was first found and "fixed" back in 1.0.3 (I think it was .3).

Very interesting exploit in its execution though.


I believe that build 1.0.7 of Firefox addresses this buffer overflow issue. (dated 9/20/05)

I may be wrong.


It still is more safe. Keep in mind this was fixed under a day later, whereas the IE vulnerabilities, WHICH INCLUDE REMOTE FILE TRANSFER AND EXECUTION are fixed the first Tuesday of every month, if even that. ;P

It still is more safe. Keep in mind this was fixed under a day later, whereas the IE vulnerabilities, WHICH INCLUDE REMOTE FILE TRANSFER AND EXECUTION are fixed the first Tuesday of every month, if even that. ;P

They like to skip Tuesday sometimes for whatever reason, and no it isn't done on Wednesday. heh.


Firefox isn't completely free of bugs? Revelation!

Firefox isn't completely free of bugs? Revelation!

I guess this thread was started by a bitter IE user. You don't see people posting links to all of the IE exploits. :P


So what, Firefox is seen by more people. More bugs are going to be found. In the first six months of 2005, the Mozilla family of browsers had 25 vulnerabilities, with 72 percent rated as high severity, according to the Internet Security Threat Report released by Symantec this week. During the same period, Microsoft's Internet Explorer had 13 confirmed vulnerabilities, with 62 percent rated as high severity, the report said. But the point a lot of people are starting to miss as they hear exploit and Firefox in the same sentence on an increasing basis, and Matt and Windwaker pointed out, it was fixed quickly. Besides, it isn't the number of vulnerabilities, it's how long they go unpatched, and the number left unpatched or called a "partial fix or workaround".

As the old saying goes, seeing is believing. :P

secunia1com6ij.png

secuniacom6db.png

