A look at recent Firefox 3 vulnerabilities... Heads up

True to form, Billy Rios promised a more in-depth look at the MSFA2008-35 vulnerability, which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed widely through the use of a cross-site scripting attack vector. Note, Firefox 3 no longer registers the Gopher protocol handler, which is a great security decision.

Can you rephrase that into the vernacular, please?

The flaw allows one to pass a URL to redirect to another site than the one called.

So, for example, one could type in www.google.com and wind up on www.winfreestuff.com?

Or they may be able to misdirect you from www.myfavorite_place.com to www.porn-n-spamUnlimited.com

www.winfreestuff.com was meant to sound like a spam site ;-)

Oh ok sorry, I guess I was thinking a little worse than "just spam". Some of the other sites are relentless in the popups and garbage, when you get redirected there...*sigh*

I got a simple fix for that, apply hand to power cord then yank hard.... works every time... I know what you mean, thousands of windows that just open on their own, it does get annoying after a few seconds....

Nothing is worse than it happening at work.......oh that is frustrating.

I have a few programs that "end all active" windows immediately, as well as the option to block all internet activity, with a click on the firewall :-) It is easier on the hardware too :-)

Got any links to good firewall programs for download? Free would be nice, even if they aren't the best, long as I can shut down the vulnerable ports.

Zone Alarm, in my opinion, is one of THE best freebies, as I said below where I provide the link, I liked it so much, I got the paid version :-)

It seems like there is a chasm between those that like certain ones and those that like others, so be forewarned, what I like may not suit you.

Once I got fed up with NORTON and its very invasive and slow moving firewall, I switched to ZoneAlarm, now owned by Check Point which is the same company used where I work. I started with the free firewall and liked it so much I paid for the full version even though the free one was very adequate.


Negative feedback to CNET about: PC Tools Plus Firewall
PC Tools Firewall Plus Free Edition

Leaves incoming ports open, use Zonealarm
by: link48010 on 08-Jun-2008 05:25:18 PM

Pros: Easy to use and very unintrusive (unless code injection is turned on)

Cons: It leaves several incoming ports open.

OutPost Pro

Pros: I have used Agnitum from the beginning and I am never disappointed; the firewall is robust, and the antivirus and antispyware are updated every hour if needed. The suite works great and has a lot of filters, and it also has HIPS and IDS, which make it extremely difficult for malware to infect you unless you are an unsafe surfer; even then the firewall makes its own choice.

Cons: The first scan took too long: scanning 1.16 GB with 3 GB memory and a 64-bit processor took 82 minutes. The antivirus/antispyware does not have much tuning; you can only scan for embedded OLE and heuristic, that's all, but that's the only thing I don't like.

AVG Firewall: I have heard good, bad and indifference from this one. *shrug*

Most did not like Panda ....

McAfee IS Suite

Pros: Well, if it had a better firewall it would be a good security suite. It has a good anti-virus, above average anti-spyware and a fun to play with but passive firewall that doesn't do well in penetration tests, can easily be bypassed and/or disabled, and it never asked me a single question, not one. If a firewall doesn't ask, I get worried that it's sub par. This is the weak point of this suite.

Cons: Site Adviser is free. There are far better free firewalls than the one in this suite. It misses some infections and can't kill some others. One of my best friends was on McAfee since 2007. Her computers were running poorly. I talked her into trying my first choice in a security suite and it found 16 infections. Two were trojans, one virus and the rest were spy cookies. For myself, I'll stick with KIS and Ashampoo anti-spyware v2. Firewall is the weak point. It can be disabled or bypassed by a hacker. Doesn't flash warnings or ask questions like I'd expect.

and on and on....the list is long :-)

I learned to unhook the phone line pretty fast, had a 5-way phone connector (modem + answering machine + phone etc) right at hand. Taught me real fast to be real careful visiting... certain sites.

The old AST 100MHz Pentium, dial-up of course, and suddenly when trying to leave a site... It was a race, if I would unhook the line in time or the machine would crash. Then there were twenty or so browser windows, that were still trying to load, to close down with the machine... working... very... sl.. ow... l... y...................

dammit...... I must watch out....

The alternative can be very distressing too *sigh*


9 years ago

I use No-Script.

Yes, it blocks all scripts (Ajax, Java- &c), except for the websites you whitelist.
http://noscript.net/ there's usually an update for it at least once a month.


9 years ago

