pixiepistlz

Mozilla denies New Firefox Bug is Security Risk

I have just yesterday reformatted my computer......

Right after downloading Firefox as my browser again as I was putting everything back on after wiping it clean, up pops a Trojan warning from Avast.....

Now since yesterday, that makes a total of 3 Trojans and a few adwares...GEEZELOUISE!

Needless to say, I am uninstalling it ASAP. As I was poking around in Google, I came across this new article on Mozilla and their denials.....

I say, it's :bs: I know where I am getting these Trojans and why my Firefox crashes from time to time! :tickedoff:

Mozilla denies new Firefox bug is security risk

Hackers trawling for clues in Bugzilla tracker, say some Firefox developers

By Gregg Keizer

July 20, 2009 09:41 PM ET

Computerworld - Mozilla is denying that a bug that crashes Firefox 3.5 is a security vulnerability, countering earlier reports that the company's latest browser contained a flaw even though it had just been patched.

In a Sunday post to Mozilla's security blog, Mike Shaver, the company's vice president of engineering, said that the bug, which had originally been disclosed on the milw0rm hacker site, is not a vulnerability. "The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug," Shaver said. "Our analysis indicates that it is not, and we have seen no example of exploitability."

Exploit code hit milw0rm last Wednesday. Firefox developers immediately logged the bug into Bugzilla, Mozilla's change- and bug-tracking database.

The bug, continued Shaver, does crash Firefox 3.5 -- and the recently-released 3.5.1 -- in some situations. But there's no way for an attacker to exploit that by injecting malicious code on the machine. The bug can crash Windows, Mac and Linux editions of Firefox, including Firefox when it's being run on the still-unfinished Windows 7.

Both Shaver in his blog post and developers on Bugzilla noted that the Firefox crash on Macs was due to a flaw in Apple's operating system, specifically the ATSUI system library. "We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code," Shaver said.

Mozilla developer Vladimir Vukicevic countered that it was unlikely Apple would fix the problem. "We've reported this and similar bugs in the past to Apple; they have so far had no interest in fixing such bugs in their font rendering subsystems, especially if they're in ATSUI and not CoreText," said Vukicevic on Bugzilla.

Another Mozilla hand suggested that the Mac OS X bug may affect other browsers as well. "Chances are more applications use the same buggy API (Safari? Chrome?)," Andreas Gal said. Gal, a project scientist at the University of California-Irvine, was a key contributor to the TraceMonkey JavaScript engine that Mozilla added to Firefox with Version 3.5.

Just last Thursday, Mozilla patched Firefox 3.5 for the first time, issuing a fix for a critical vulnerability in TraceMonkey's just-in-time (JIT) compiler. In the run-up to creating a fix for that flaw, Mozilla developers speculated that the hacker had dug through Bugzilla to find information that helped him exploit the vulnerability.

Mozilla repeated the charge in the entry for the newest bug. "Sam and Reed think that someone might be trawling Bugzilla in order to develop exploits," said Mike Beltzner, the director of Firefox, in a comment added to the Bugzilla thread. "Not sure what to do about that." The same hacker who posted exploit code last week was one of two who claimed to have created the newest attack code.

Gal declined to suggest solutions about hacker trawling. "I am not comfortable talking about what goes wrong and why since that might reveal other, potentially even more severe problems in some cases," he said.

There is as yet no fix for the crash bug now being investigated.

According to Mozilla's Web site, it's planning to release another update to Firefox -- tagged as 3.5.2 -- by the end of this month or in early August. 

Source:

http://www.computerworld.com/s/article/9135699/Mozilla_denies_new_Firefox_bug_is_security_risk?taxonomyId=85

And I am guessing you got FireFox from  http://www.mozilla.com/en-US/ 

And Avast from  http://download.cnet.com/Avast-Home-Edition/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

And do you run a software FireWall? And please not Windoze Firewall.

Hopefully you do not have an infected file that you backed up and restored.

Yes, I use Windows Firewall.

Avast.....got from Filehippo website

same for Firefox.

My cursor jumps all over the page and 2 more Trojans just popped up......I am ready to tear out my hair.

I DL'd Maxthon as my browser and I also have IE8.

So, should I wipe it clean again and use my CD's or what should I do then? I used the internal restore yesterday.

Would you like to post a HiJackThis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

log here in this thread

or use the automated site. Just to see what's running that might be bad in there.

http://www.hijackthis.de/

And put up a real firewall that should stop the crapware from getting out and calling for reinforcements. Windozes is only for inbound.

Try free comodo firewall. http://personalfirewall.comodo.com/download_firewall.html

You can just install the firewall portion and uncheck about 3 things(toolbars and search engine preference and anti-virus) when installing.

You have got to cut down on becoming an expert reformatter.  :lol:

DL Comodo now......

HiJack this automated site says I have no firewall nor any antivirus.....

WTF? corrupted files ? I have both.

I know something is wrong in Mayberry and I need to know how to proceed to get this nasty little bug off ASAP! If someone in here has had similar issues, please help as it's the only puter I have and I would :cry: if it died! :sad::angry::buck2::!::sad2::binkybaby::angry9:

I am back from reformatting again ...with my discs like the first time I ever did it (this is my 3rd now). :roll: ...it's after 4 am and I am going to bed.......My puter seems to be running smoother and the Comodo is installed after being wiped clean....only thing is that after I got back online, my mouse cursor disappeared and it acted like I had right clicked the mouse when I had not and the little screen appears.....can my mouse or keyboard be infected? or do the virus scans take care of that when they run? Just curious..... :buck2:
