A look at recent Firefox 3 vulnerabilities... Heads up


True to form, Billy Rios promised a more in-depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed widely through the use of a cross-site scripting attack vector. Note, Firefox 3 no longer registers the Gopher protocol handler, which is a great security decision.

Site Link - ZDNet

Discussions

Labot2001

10 years ago

Can you rephrase that into the vernacular, please?

Goodhart (in reply to Labot2001)

Reply 10 years ago

The flaw allows one to pass a URL to redirect to another site than the one called.

Labot2001 (in reply to Goodhart)

Reply 10 years ago

So, for example, one could type in www.google.com and wind up on www.winfreestuff.com?

Goodhart (in reply to Labot2001)

Reply 10 years ago

Or they may be able to misdirect you from www.myfavorite_place.com to www.porn-n-spamUnlimited.com

Labot2001 (in reply to Goodhart)

Reply 10 years ago

www.winfreestuff.com was meant to sound like a spam site ;-)

Goodhart (in reply to Labot2001)

Reply 10 years ago

Oh ok sorry, I guess I was thinking a little worse than "just spam". Some of the other sites are relentless in the popups and garbage, when you get redirected there...*sigh*

Big Bwana (in reply to Goodhart)

Reply 10 years ago

I got a simple fix for that, apply hand to power cord then yank hard.... works every time... I know what you mean, thousands of windows that just open on their own, it does get annoying after a few seconds....

Goodhart (in reply to Big Bwana)

Reply 10 years ago

Nothing is worse than it happening at work.......oh that is frustrating.

Goodhart (in reply to Goodhart)

Reply 10 years ago

I have a few programs that "end all active" windows immediately, as well as the option to block all internet activity, with a click on the firewall :-) It is easier on the hardware too :-)

forgesmith (in reply to Goodhart)

Reply 10 years ago

Got any links to good firewall programs for download? Free would be nice, even if they aren't the best, long as I can shut down the vulnerable ports.

Goodhart (in reply to forgesmith)

Reply 10 years ago

Zone Alarm, in my opinion, is one of THE best freebies, as I said below where I provide the link, I liked it so much, I got the paid version :-)

Goodhart (in reply to forgesmith)

Reply 10 years ago

It seems like there is a chasm between those that like certain ones and those that like others, so be forewarned, what I like may not suit you.

Once I got fed up with NORTON and its very invasive and slow moving firewall, I switched to ZoneAlarm, now owned by Check Point which is the same company used where I work. I started with the free firewall and liked it so much I paid for the full version even though the free one was very adequate.

Goodhart (in reply to Goodhart)

Reply 10 years ago

Recommendations:

Negative feedback to CNET about: PC Tools Plus Firewall
PC Tools Firewall Plus Free Edition

Leaves incoming ports open, use Zonealarm
by: link48010 on 08-Jun-2008 05:25:18 PM

Pros: Easy to use and very unintrusive (unless code injection is turned on)

Cons: It leaves several incoming ports open.



OutPost Pro

Pros: I use Agnitum from the beginning and I am never disappointed, the firewall is robust, the antivirus and antispyware is updated every hour if needed. The suite works great and has a lot of filters and it also has HIPS and IDS, which makes it an extremely difficult operation for malware to infect you unless you are an unsafe surfer, even then the firewall makes its own choice.

Cons: The first scan took too long, for scanning 1.16 gb with 3 gb memory and a 64 bit processor it took 82 minutes. The antivirus/antispyware has not so much tuning, you can only scan for embedded OLE and heuristic, that's all, but that's the only thing I don't like.



AVG Firewall: I have heard good, bad and indifference from this one. *shrug*



Most did not like Panda ....



McAfee IS Suite

Pros: Well, if it had a better firewall it would be a good security suite. It has a good anti-virus, above average anti-spyware and a fun to play with but a passive firewall that doesn't do well in penetration tests, can easily be bypassed and, or disabled and it never asked me a single question, not one. If a firewall doesn't ask, I get worried that it's sub par. This is the weak point of this suite.

Cons: Site Adviser is free. There are far better free firewalls than the one in this suite. It misses some infections and can't kill some others. One of my best friends was McAfee since 2007. Her computers were running poorly. I talked her into trying my first choice in a security suite and it found 16 infections. Two were trojans, one virus and the rest were spy cookies. For myself, I'll stick with KIS and Ashampoo anti-spyware v2. Firewall is the weak point. It can be disabled or bypassed by a hacker. Doesn't flash warnings or ask questions like I'd expect.

and on and on....the list is long :-)

forgesmith (in reply to Big Bwana)

Reply 10 years ago

I learned to unhook the phone line pretty fast, had a 5-way phone connector (modem + answering machine + phone etc) right at hand. Taught me real fast to be real careful visiting... certain sites.

The old AST 100MHz Pentium, dial-up of course, and suddenly when trying to leave a site... It was a race, if I would unhook the line in time or the machine would crash. Then there were twenty or so browser windows, that were still trying to load, to close down with the machine... working... very... sl.. ow... l... y...................

DJ Radio

10 years ago

dammit...... I must watch out....

Goodhart (in reply to DJ Radio)

Reply 10 years ago

The alternative can be very distressing too *sigh*

ll.13

10 years ago

I use No-Script.

ll.13 (in reply to Goodhart)

Reply 10 years ago

Yes, it blocks all scripts (Ajax, Java- &c), except for the websites you whitelist.
http://noscript.net/ there's usually an update for it at least once a month.

bumpus

10 years ago

hahahah I love Caddy Shack!