Firefox - new problems

[Richard Urban]

Two new "extremely critical" problems have been found with Firefox over the
weekend. http://secunia.com/advisories/15292/

Now that people are really looking at it (the coding structure) more
problems are coming to light. So it seems that Internet Explorer is not
alone.

My main complaint with FF is that some web pages NEVER complete downloading,
even after five minutes. In IE the same page indicates "download complete"
within a couple of seconds. And these are major news sites such as CBS news,
ABC news etc.

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Leythos]

Two new "extremely critical" problems have been found with Firefox over the
weekend. http://secunia.com/advisories/15292/

Now that people are really looking at it (the coding structure) more
problems are coming to light. So it seems that Internet Explorer is not
alone.

My main complaint with FF is that some web pages NEVER complete downloading,
even after five minutes. In IE the same page indicates "download complete"
within a couple of seconds. And these are major news sites such as CBS news,
ABC news etc.

I've actually experienced the "never completing" problem on websites
that use a java script to "preload" images. If you remove the java
scripting for the preloading the problem goes away, but that's not a
valid solution.

Not having read the article, it doesn't seem like a security problem,
but a processing problem.

 

[Richard Urban]

Please understand, I just tacked on my personal problem as an addendum. It
has nothing to do with the security issues discovered.


--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Leythos]

Please understand, I just tacked on my personal problem as an addendum. It
has nothing to do with the security issues discovered.

NP, I was just saying security from the manner in which it acts when not
completing.

It was really irritating to develop a small site, preload images, and
then test with IE and FF and get different results all because of js.

 

[kurttrail]

Two new "extremely critical" problems have been found with Firefox
over the weekend. http://secunia.com/advisories/15292/

Now that people are really looking at it (the coding structure) more
problems are coming to light. So it seems that Internet Explorer is
not alone.

My main complaint with FF is that some web pages NEVER complete
downloading, even after five minutes. In IE the same page indicates
"download complete" within a couple of seconds. And these are major
news sites such as CBS news, ABC news etc.

From http://secunia.com/advisories/15292/:

Solution:
1) Disable JavaScript.

2) Disable software installation: Options --> Web Features --> "Allow
web sites to install software"

NOTE: A temporary solution has been added to the sites
"update.mozilla.org" and "addons.mozilla.org" where requests are
redirected to "do-not-add.mozilla.org". This will stop the publicly
available exploit code using a combination of vulnerability 1 and 2 to
execute arbitrary code in the default settings of Firefox.


Both of these things should be done to begin with, if you are using you
common sense while browsing the web!

Oh, and I bet it won't take the Mozilla development community MONTHS to
fix like MS takes to plug its holes. I believe one security hole MS
took over six months to patch, IIRC!

No code it perfect, but it does help to not be as big of a target as MS
is! The more diverse the online community is in using different browser
technology, the more secure the online community will be when attacked
by any one exploit.

And the same goes with OSs. A homogenous OS install base on computers
attached to the Net is inherently less secure than a more heterogenuos
OS install base. Why? Because there are more targets that would need
to be hit to do any real damage to the Net as a whole.

If Homeland Security was really interested in Online security, they be
pumping money into the development of alternate browser and OS
technology!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[kurttrail]

I've actually experienced the "never completing" problem on websites
that use a java script to "preload" images. If you remove the java
scripting for the preloading the problem goes away, but that's not a
valid solution.

Not having read the article, it doesn't seem like a security problem,
but a processing problem.

--

At kurttrail.com, we cater to those who are smart enough to disable
scripting! And even at microscum.com our web pages are still functional
without scripting enabled.

This is a new world, and until the online environment is more
heterogeneous, the smart individual knows how to cover one's own ass!

I have both scripting and activex turned off by default through my
firewall, and add a website as an exception on a site to site basis.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[R. McCarty]

The US Government has proved time and time again that they cannot
manage or develop code. Two perfect examples are the US Air
Traffic system and the FBI's recent "Money Pit" coding effort. It's
interesting that even today, Air travel is controlled by basically 1960's
technology. The FAA has made numerous attempts to modernize,
and almost every "State-of-the-Art" system can't measure up to those
older systems.
Perhaps you meant to pump money into non-government channels,
but the end result will be the same. Magnificent Charts, Graphs, &
administration - but little significant coding. At least for now MS still
keeps the bulk of it's development work in the US.
Software is evolutionary - Starting from Scratch is nearly impossible.
Trace the roots of all browsers - none are built from the ground up,
all have the same "Family Tree".

 

[Richard Urban]

As people often say about Internet Explorer - It should just be safe by
default! The same applies to Firefox as well.

The inexperienced user (about 90% of all users) shouldn't have to go in and
change settings to protect his computer.

Grandma and Grandpa go and get a new computer so they can chat with their
grand children on the other side of the world. Within minutes of going
on-line their computer begins to get infected. Then they click on links sent
from their grand children, because they really want so see what their
relatives are so excited about, and they get infected some more. After about
3-4 weeks I get a call where I have to spend an inordinate amount of time
cleansing their computer and trying to lock it down.

It should have been locked down by default - right out of the box!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Leythos]

I have both scripting and activex turned off by default through my
firewall, and add a website as an exception on a site to site basis.

As do I, but many sites, that appear to be business oriented make use of
JS.

 

[kurttrail]

As do I, but many sites, that appear to be business oriented make use
of JS.

If they're in business all the more reason to cater to the needs of
their customers!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Mike Hall \(MS-MVP\)]

Richard

I think that the vendor should be responsible for this.. it would not take
long to ensure that each computer is appropriately set up.. as it stands,
the only service you get after paying your money is a 'carry to your car'
service..

--
Mike Hall
MVP - Windows Shell/User

 

[kurttrail]

The US Government has proved time and time again that they cannot
manage or develop code. Two perfect examples are the US Air
Traffic system and the FBI's recent "Money Pit" coding effort. It's
interesting that even today, Air travel is controlled by basically
1960's technology. The FAA has made numerous attempts to modernize,
and almost every "State-of-the-Art" system can't measure up to those
older systems.
Perhaps you meant to pump money into non-government channels,
but the end result will be the same.

PERHAPS! That is exactly what I mean! I wouldn't trust the gov't any
more than I trust MS! In order to keep my computer system secure, I
would never use a MS security product.

Magnificent Charts, Graphs, &
administration - but little significant coding.

LOL! Not if the money was given to Open Source developers.

At least for now MS
still keeps the bulk of it's development work in the US.
Software is evolutionary - Starting from Scratch is nearly impossible.

LOL! Sometimes you need to go pass Go, and collect your $200. When it
comes to writing more secure code perhaps someone needs to start from
scratch, and write secure code from the bottom up, instead of the
piecemeal patching that is going on in MS code and UNIX/LINUX.

Trace the roots of all browsers - none are built from the ground up,
all have the same "Family Tree".

And maybe that is the problem! Maybe that is why none of the existing
browsers are ever gonna be more than a patchwork quilt, that always is
in need of another patch!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[kurttrail]

As people often say about Internet Explorer - It should just be safe
by default! The same applies to Firefox as well.

I agree! And all bathtubs should have a slip-resistent surface!
Unfortunately, that is not always the case.

The inexperienced user (about 90% of all users) shouldn't have to go
in and change settings to protect his computer.

Again, I agree.

Grandma and Grandpa go and get a new computer so they can chat with
their grand children on the other side of the world. Within minutes
of going on-line their computer begins to get infected. Then they
click on links sent from their grand children, because they really
want so see what their relatives are so excited about, and they get
infected some more. After about 3-4 weeks I get a call where I have
to spend an inordinate amount of time cleansing their computer and
trying to lock it down.
It should have been locked down by default - right out of the box!

Again, I agree.

But just like the real world, people also need to learn not to rely on
businesses, gov'ts and organizations to keep their asses protected. It
is a part of being personally responsible for protecting one's own ass.
And wallowing in one's own ignorance, instead of acting proactively in
protecting one's own physical ass, property, and virtual ass, is just
asking for problems too.

Like right now, my inbox is being deluged with sober.p emails, besides
the virus writer, I blame the morons that left their computer open to it
too!

Ignorance is just an excuse for being lazy selfish a**hole!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Richard Urban]

MailWasher is has tagged about 75 incoming so far today. I feel sorry for
those who don't know how to take the requisite steps to protect themselves,
or the will power to follow through on what they know they shouldn't do!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Mark Randall]

Good for them... they are also their to provide the most funtional websites,
and more often than not that includes some kind of scripting

Go figure.

 

[Leythos]

If they're in business all the more reason to cater to the needs of
their customers!

But JS is only a threat to the ignorant, not to people that have
properly configured systems.

 

[Joan Archer]

Did you pick up the new version 5 today ?
Joan

 

[Richard Urban]

No! Thank you for the heads up.

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Joan Archer]

Your welcome.
Joan

No! Thank you for the heads up.

 

[Ann Watson]

My main complaint with FF is that some web pages NEVER complete downloading,
even after five minutes. In IE the same page indicates "download complete"
within a couple of seconds. And these are major news sites such as CBS news,
ABC news etc.

I use FF and don't have those problems with such sites as CBS news, ABC
news which indicates the problem is yours and not native to FF.

Ann Watson