Poslao: 28 Sep 2005 12:22
|
offline
- teacher
- Legendarni građanin
- Pridružio: 12 Sep 2003
- Poruke: 2839
- Gde živiš: Kotor
|
Computer code that could let attackers take complete control over computers cruising the Web with unpatched versions of the Firefox Internet browser has been released, so if you're using Firefox and haven't upgraded to the latest version, do it now. The exploit also applies to the latest version of Netscape, but Netscape has not yet released a fix for this problem.
This is not your run-of-the-mill proof of concept exploit code. It appears to be quite comprehensive, and would allow any attacker to use it with only slight modifications. According to the advisory, the code is designed to be embedded in a Web site so that any computer visiting the evil site with Firefox or Netscape would open up a line of communication with another Internet address of the attacker's choice, effectively letting the bad guys control the victim computer from afar.
Dave Kennedy over at Cybertrust had roughly the same impression that I did about the severity of this exploit and flaw.
"If this were [Microsoft's Internet Explorer], I'd expect to see [the exploit] in spyware," Kennedy said. "With Firefox it's possible someone could try to make a point by doing something big."
Kennedy was referring to the heated debate in the security community over whether Firefox is any more secure than IE, a debate fanned by the release last week of a report pointing out that Firefox has fixed twice as many security flaws as IE so far this year.
Izvor: blogs.washingtonpost.com
|
|
|
Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
|
|
Poslao: 28 Sep 2005 18:54
|
offline
- stefke_W_
- Super građanin
- Pridružio: 16 Jun 2005
- Poruke: 1251
- Gde živiš: Podgorica
|
za firefox je u toku prošle god otkriveno 25 propusta a ua IE samo 12
|
|
|
|
Poslao: 28 Sep 2005 19:13
|
offline
- pixxel
- Legendarni građanin
- Pridružio: 21 Jun 2005
- Poruke: 9091
- Gde živiš: Tu i tamo...
|
Da, ali su za firefox vecina bili low priority i tesko ostvarivi u praksi, dok su za ie skoro svi bili critical (pogledaj malo http://www.secunia.com )
I za svaki od tih propusta, firefox je u roku od par sati izbacivao zakrpu, a u roku od najvise desetak dana novu verziju. A kad je bio poslednji update za IE??? Poslednji put sa service packom 2...
Necemo ovde po stoti put kritikovati ni mozillu ni ie ni operu, i nije mi to namera. Kome se ne svidja sto ima gresaka, neka napravi sam svoj browser, pa da vidimo koliko ce biti siguran i nepropusan. Na mozilli radi skoro 100 ljudi i to samo u najuzem delu, same mozille.a koliko ih jos radi na dodacima, prevodima... Ista stvar je sa operom, mnogo ljudi radi za dzabe (ne racunajuci prihod od majica, solja i ostaloga. Opera je tu bolje stajala, ali sad kao besplatna ce videti kako se krvavo 'leb zaradjuje...) a ie, koliko god besplatan bio, skoro svako plati uz svoj windows, i tu nema poredjenja... Nikako.
P.S. evo linkova pa da uporedimo propuste:
IE: http://secunia.com/product/11/ - 86 Propusta/20 Nema ispravku (Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical)
MF: http://secunia.com/product/4227/ - 24 Propusta/3 nema ispravku (Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical)
OP: http://secunia.com/product/4932/ - 0 Propusta/0 nema ispravku (The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x.)
|
|
|
|
|
Poslao: 28 Sep 2005 20:31
|
offline
- KOLE89
- Počasni građanin
- Pridružio: 26 Jun 2004
- Poruke: 732
- Gde živiš: Altina, Zemun
|
Zanima me gde mogu da vidim da li je FireFox koji ja koristim ranjiv
|
|
|
|
Poslao: 30 Sep 2005 00:25
|
offline
- MANA
- Ugledni građanin
- Pridružio: 18 Avg 2005
- Poruke: 475
- Gde živiš: Kući
|
I mene interesuje. Vecjina tih online testova zahteva activex da bi funkcionisali, a firefox ne podrzhava activex...
|
|
|
|
|
Poslao: 27 Nov 2005 17:47
|
offline
- Pridružio: 26 Jun 2005
- Poruke: 139
- Gde živiš: Beograd
|
kako vam ne dosadi da se vechno prepucavate oko tih nebuloza ???
|
|
|
|
Poslao: 27 Nov 2005 17:50
|
offline
- m4rk0
- Administrator
- Administrator tech foruma
- Marko Vasić
- Gladijator - Maximus Decimus Meridius
- Pridružio: 14 Jan 2005
- Poruke: 15766
- Gde živiš: Majur (Colosseum)
|
ovo ide pod lock da bi se izbegao potencijalni flame.
|
|
|
|