New Firefox security flaw

This topic is closed.

    New Firefox security flaw

    I just read this and thought maybe others would find it useful:
    http://www.linux.com/feature/118166

    I tried the demo/proof of concept of the vulnerability risk and it read my password and username back to me.
    scary
    HP Pavilion dv6 core i7 (Main)
    4 GB Ram
    Kubuntu 18.10

    #2
    Re: New Firefox security flaw

    Install the no-script addon and use it. Yes, I agree it can be a PITA, but it can save you in many ways, not just making you invulnerable to that exploit.



      #3
      Re: New Firefox security flaw

      I love NoScript, one of my required extensions on Firefox.



        #4
        Re: New Firefox security flaw

        Yeah, it is great, but adding / subtracting allowed http's can be a pain with time. They should just plug the hole. It does help though.


          #5
          Re: New Firefox security flaw

          If this hole was the only reason to use NoScript, I wouldn't have had it installed already. I love it because all those horrible horrible misuses of Flash don't auto-play and assault me, and I can quickly assess how stupid the web designers for a particular site are based on how well the site functions without the scripts and flash enabled. I can temporarily enable a site if I trust it and I need the functionality that the script fills in the page, and if I'm sure I'll be back and their use of script is safe, I can then add the site to the list.

          The only problem I've ever really had with it is when sites use five different domains to serve up their content, then have another five for evil evil script and flash based ads all over the page, so it's hit and miss on enabling the function I need without enabling a flash based ad. Also, when sites insist on being evil and serving me a pop up window to another web site that doesn't give me my menu, navigation and bookmark bars, as I used to keep my NoScript status/options button up next to my Google search field. After a few dozen poorly designed sites I needed to figure out how to force into cooperation screwed me over, I had to just give in and use the NoScript button in the status bar instead. I don't like that as I've already got other things down there that I can't put elsewhere, so it's starting to get annoyingly cluttered down there.

          When I can beat all the poor web designers into submission and make them get a job in a new field as they clearly suck in their current one, I can stop using NoScript, but as long as the morons continue to get the jobs and I'm ignored because no one will look at my actual skills and instead want me to have a college degree in a subject that colleges are absolutely and utterly inept at covering, the web is not safe without NoScript. Meh.



            #6
            Re: New Firefox security flaw

            those horrible horrible misuses of Flash don't auto-play and assault me
            Totally agree. I have been designing apps and pages in Flash for a while.

            had with it is when sites use five different domains to serve up their content

            That is (was) part of search engine placement strategy. Most SE's (used to) like to have as many back links to a page to prove their popularity and thus get a higher ranking. People used to call it Internet marketing! But as old habits die hard.......

            When I can beat all the poor web designers into submission and make them get a job in a new field as they clearly suck in their current one, I can stop using NoScript, but as long as the morons continue to get the jobs and I'm ignored because no one will look at my actual skills and instead want me to have a college degree in a subject that colleges are absolutely and utterly inept at covering, the web is not safe without NoScript. Meh.
            You are on a roll, and probably right. I thought that when I visited your site. Morons will always be just that. To quote an old saying:
            Don't let the turkeys get you down.

            You can't beat anyone into submission (unless of course they like that; that is a different subject).

            What you can do is enjoy what you are doing, learn from others' mistakes, apply it to your skills and go for it.

            The competition in CA is huge, to put it mildly, but heh, if you want to give the web back some sanity you'll just have to deal with some insanity and stick with a consciously sincere and right attitude towards your clients and theirs. Tough but doable. By the way, the States is not the only market.

            Just my 2c's

            Cheers
            F




              #7
              Re: New Firefox security flaw

              noscript has a major flaw I have come across, possibly a killer. When several sites are chained together, say when purchasing something, you find that on site A you click Buy and that redirects to site B to process the transaction, but site B is not allowed to run scripts. By the time you realize that, your whole transaction is in an indeterminate state and you can't just allow scripts and refresh the page. Yeuk!



                #8
                Re: New Firefox security flaw

                I have seen that as well :P



                  #9
                  Re: New Firefox security flaw

                  Originally posted by Mike0001
                  noscript has a major flaw I have come across, possibly a killer. When several sites are chained together, say when purchasing something, you find that on site A you click Buy and that redirects to site B to process the transaction, but site B is not allowed to run scripts. By the time you realize that, your whole transaction is in an indeterminate state and you can't just allow scripts and refresh the page. Yeuk!
                  That problem isn't a flaw in NoScript, it's a flaw in the design and set up of the shopping cart and payment system for various websites. Not telling the users before they get to the shopping cart that the cart system is on a completely different website is a security risk, and being inclined to trust it just because the website you're ordering from trusts it is a security risk. The whole point of NoScript is to make your web browsing experience safe, and to make you aware of possible security flaws like visiting domain x, but domain a, b and c all want to put their script all over the page. Unless domain x tells you that they're partnered with a, b and c, how do you know it's safe?

                  Common shopping cart systems like Paypal and Google Checkout will end up in your safe domains list after a visit or two if you trust them, which solves a majority of this problem. Also, I've been submitting a lot of online job applications lately, and a lot of the companies outsource to a different agency that "specializes" in online recruitment. I've lost count of how many times I've had to enable five different sites that the company I'm applying to never mentions on their website as being related to their job recruiting process until after I'm not able to function on their site, or I get yelled at for having javascript and cookies disabled. Meh. At any rate, I haven't had any of them frell up on me when I've had to reload the page to enable scripts on their domain, so if a job recruitment site run by morons who think that IE is the only web browser they need to work for, then any shopping cart system safe enough for you to be trusting your personal information to will make it through a reload for enabling scripts too.
