Clipmarks
Rasmus
7-17-2007 5:52 AM
759 views
14 Comments
7-17-2007 6:08 AM
Jo5329
I believe that ultimately the security of your system is up to you or your network admin. The software is only as secure as the latest hacker attempt. But bravo for doing this for folks! Each browser has its advantages and disadvantages -- it just depends on your preference.
7-20-2007 4:27 PM
Rasmus
Fixed in Firefox 2.0.0.5
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
7-31-2007 5:08 PM
Rasmus
Fixed in Firefox 2.0.0.6
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
Mozilla Foundation Security Advisories

9-24-2007 7:29 AM
Rasmus
Firefox/QuickTime security hole

[...] a security hole was discovered in the way that Firefox and Apple QuickTime work together, potentially allowing privileged code to execute on a user's computer without permission. Hackers can exploit the flaw to access data on a vulnerable PC or run malicious code such as a worm.

Companies and consumers need to update their copy of Firefox to keep themselves protected against software vulnerabilities [...]

sophos.com
Fixed in Firefox 2.0.0.7
MFSA 2007-28 Code execution via QuickTime Media-link files

[url=http://www.mozilla.org/proje...
10-19-2007 8:42 PM
Rasmus
Fixed in Firefox 2.0.0.8
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

Mozilla Foundation Security Advisories
11-2-2007 5:35 AM
Rasmus
Firefox 2.0.0.9 released
The 2.0.0.8 release fixed some 200 issues, but accidentally regressed a few things. Most users won’t see any difference or experience any problems, and those 200 fixes make the 2.0.0.8 update very valuable, but you should never have to choose functionality over security. So we’re working fast to understand and fix these problems, and will shortly be issuing a 2.0.0.9 update to address them. The specific problems are:

* Bug 400406 - Firefox will ignore the “clear” CSS property when used beneath a box that is using the “float” property. There is a temporary workaround JS/CSS code available for web developers with affected layouts.
* Bug 400467 - W...
11-27-2007 8:48 AM
Rasmus
Fixed in Firefox 2.0.0.10

MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard

Mozilla Foundation Security Advisories
12-1-2007 8:41 AM
Rasmus
Fixed in Firefox 2.0.0.11

Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update in the <canvas> feature that affected some web pages and extensions.

Mozilla Foundation Security Advisories
3-27-2008 6:17 AM
Rasmus
Fixed in Firefox 2.0.0.12

MFSA 2008-13 Multiple XSS vulnerabilities from character encoding
MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memor...
3-27-2008 6:18 AM
Rasmus
Fixed in Firefox 2.0.0.13

MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

Mozilla Foundation Security Advisories
4-17-2008 6:02 AM
Rasmus
Fixed in Firefox 2.0.0.14

MFSA 2008-20 Crash in JavaScript garbage collector

Mozilla Foundation Security Advisories
10-16-2008 11:03 AM
Rasmus
Fixed in Firefox 2.0.0.17
MFSA 2008-45 XBM image uninitialized memory reading
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag
MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

Fixed in Firefox 2.0.0.16
MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 Remot...
11-20-2008 12:42 PM
Rasmus
Fixed in Firefox 2.0.0.18

MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-48 Image stealing ...