A massive, possibly unpatchable, series of Javascript vulnerabilities in Firefox were discovered by a pair of hackers and acknowledged by Mozilla, it was reported Monday in the article below. http://software.silicon.com/security/0,39024655,39162882,00.htm Although FF is still safer than IE, it looks like Opera is the only viable, secure browser available. Firefox' NoScript addon provides a quasi-workaround, but it's more like an IE-style fudge than a real fix and it won't help should a "trustworthy" website try to pull some stunts. Nor is it really practical to disable Javascript with most websites. Until and if this is fixed, Firefox is done.
Thanks. Well, that's a relief. I guess there's egg on my face. Although FF has had its share of JS vulnerabilities, I still love it and feel it to be one of the safest browsers available. P.S. No crashes on 1.5.0.7 lately either. YAY! Ahem, knock on wood...
if Microsoft are able to still keep patching their inherently security-flawed OS's, i very much doubt the likes of Firefox is 'unpatchable'. I spend most time in Linux anyway, so for one i don't have to suffer a daily barrage of Windows security flaws, and for two i have a handful of browsers available if one of them has a hissy fit. For instance Firefox (now and then) gives me grief on my laptop, for now i just use one of a few other browsers until such time as the bug is fixed (i get updates for Mandriva Linux most days, ALL installable with no rebooting hehe) or until i get around to looking at why the browser crashes..
Here's the lowdown on the story : CLICK! I personally tried to mess around with this right after their little presentation was posted up on usenet, and though it makes for several system or browser crashing exploits, as far as i could see this flaw doesn't enable you to gain access to the target, hence it could be used as a nasty prank, but nothing more.
