Mozilla denies New Firefox Bug is Security Risk

[pixiepistlz]

I have just yesterday reformatted my computer......

Right after downloading Firefox as my browser again as I was putting everything back on after wiping it clean, up pops a Trojan warning from Avast.....

Now since yesterday, that makes a total of 3 Trojans and a few adwares...GEEZELOUISE!

Needless to say, I am uninstalling it ASAP. As I was poking around in Google , I came across this new article on Mozilla and their denials.....

I say, its  I know where I am getting these Trojans and why my Firefox crashes from time to time! 

Mozilla denies new Firefox bug is security risk

Hackers trawling for clues in Bugzilla tracker, say some Firefox developers

By Gregg Keizer

July 20, 2009 09:41 PM ET

Computerworld - Mozilla is denying that a bug that crashes Firefox 3.5 is a security vulnerability, countering earlier reports that the company's latest browser contained a flaw even though it had just been patched.

In a Sunday post to Mozilla's security blog, Mike Shaver, the company's vice president of engineering, said that the bug, which had originally been disclosed on the milw0rm hacker site, is not a vulnerability. "The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug," Shaver said. "Our analysis indicates that it is not, and we have seen no example of exploitability."

Exploit code hit milw0rm last Wednesday. Firefox developers immediately logged the bug into Bugzilla, Mozilla's change- and bug-tracking database.

The bug, continued Shaver, does crash Firefox 3.5 -- and the recently-released 3.5.1 -- in some situations. But there's no way for an attacker to exploit that by injecting malicious code on the machine. The bug can crash Windows, Mac and Linux editions of Firefox, including Firefox when it's being run on the still-unfinished Windows 7.

Both Shaver in his blog post and developers on Bugzilla noted that the Firefox crash on Macs was due to a flaw in Apple's operating system, specifically the ATSUI system library. "We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code," Shaver said.

Mozilla developer Vladimir Vukicevic countered that it was unlikely Apple would fix the problem. "We've reported this and similar bugs in the past to Apple; they have so far had no interest in fixing such bugs in their font rendering subsystems, especially if they're in ATSUI and not CoreText," said Vukicevic on Bugzilla.

Another Mozilla hand suggested that the Mac OS X bug may affect other browsers as well. "Chances are more applications use the same buggy API (Safari? Chrome?)," Andreas Gal said. Gal, a project scientist at the University of California-Irvine, was a key contributor to the TraceMonkey JavaScript engine that Mozilla added to Firefox with Version 3.5.

Just last Thursday, Mozilla patched Firefox 3.5 for the first time, issuing a fix for a critical vulnerability in TraceMonkey's just-in-time (JIT) compiler. In the run-up to creating a fix for that flaw, Mozilla developers speculated that the hacker had dug through Bugzilla to find information that helped him exploit the vulnerability.

Mozilla repeated the charge in the entry for the newest bug. "Sam and Reed think that someone might be trawling Bugzilla in order to develop exploits," said Mike Beltzner, the director of Firefox, in a comment added to the Bugzilla thread. "Not sure what to do about that." The same hacker who posted exploit code last week was one of two who claimed to have created the newest attack code.

Gal declined to suggest solutions about hacker trawling. "I am not comfortable talking about what goes wrong and why since that might reveal other, potentially even more severe problems in some cases," he said.

There is as yet no fix for the crash bug now being investigated.

According to Mozilla's Web site, it's planning to release another update to Firefox -- tagged as 3.5.2 -- by the end of this month or in early August. 

Source:

http://www.computerworld.com/s/article/9135699/Mozilla_denies_new_Firefox_bug_is_security_risk?taxonomyId=85

[zalternate]

And I am guessing you got FireFox from  http://www.mozilla.com/en-US/ 

And Avast from  http://download.cnet.com/Avast-Home-Edition/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

And do you run a software FireWall ?    And please not Windoze Firewall.

Hopefully you do not have an infected file that you backed up and restored.

[pixiepistlz]

Yes , I use Windows Firewall.

Avast.....got from Filehippo website

same for Firefox.

My cursor jumps all over the page and 2 more Trojans just popped up......I am ready to tear out my hair.

I DL'd Maxthon as my browser and I also have IE8.

So, should I wipe it clean again and use my CD's or what should I do then? I used the internal restore yesterday.

[zalternate]

Yes , I use Windows Firewall.

Avast.....got from Filehippo website

same for Firefox.

My cursor jumps all over the page and 2 more Trojans just popped up......I am ready to tear out my hair.

I DL'd Maxthon as my browser and I also have IE8.

So, should I wipe it clean again and use my CD's or what should I do then? I used the internal restore yesterday.

Would you like to post a HiJackThis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

log here in this thread

or use the automated site.. Just to see whats running that might be bad in there.

http://www.hijackthis.de/

And put up a real firewall that should stop the crapware from getting out and calling for reinforcements. Windozes is only for inbound.

Try free comodo firewall. http://personalfirewall.comodo.com/download_firewall.html

You can just install the firewall portion and uncheck about 3 things(toolbars and search engine preference and anti-virus) when installing.

You have got to cut down on becoming an expert reformatter. 

[pixiepistlz]

DL Comodo now......

HiJack this automated site says I have no firewall nor any antivirus.....

WTF? corrupted files ? I have both.

I know something is wrong in Mayberry and I need to know how to proceed to get this nasty little bug off ASAP! If someone in here has had similar issues, please help as its the only puter I have and I would  if it died! 

[pixiepistlz]

I am back from reformatting again ...with my discs like the first time I ever did it ( this is my 3rd now.      ...its after 4 am and I am going to bed.......My puter seems to be running smoother and the Comodo is installed after being wiped clean....only thing is that after I got back online, my mouse cursor disappeared and it acted like I had right clicked the mouse when I had not and the little screen appears.....can my mouse or keyboard be infected ? or does the virus scans take care of that when they run? Just curious.....

[wknight40]

So it may not be Firefox causing the problem after all?  I have Firefox on my Mac and windows partition of the Mac.  Have not had any problems on either.

[sparky]

Never had an issue with firefox myself, I do a lot of browsing and its pretty stable, I do use No Script as a precaution also which help stop any scripts from running I am not sure about.

[monsnet2k8]

Since installation on release day, I've had no issues whatsoever.. It has not crashed on me yet!!

the previous version crashed often!

[sparky]

The only thing you can do is download all of your software from respected sources!

[pixiepistlz]

Filehippo is where I download from.