Thread: Browsers

  1. #41
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Phishing vulnerability

    Phishing potentiality affects Safari, Firefox password storage

    Heise Security reports on a phishing vulnerability caused by Firefox's password manager. In a nutshell, because Firefox has the ability to store field entries so it can automatically insert usernames and passwords for previously visited Web sites, maliciously crafted sites can coax the information out and trick the user into submitting (or automatically submit) the private data.

    The phishing mechanism, as demonstrated, also affects Safari and the Mac OS X Keychain.

    Heise writes:

    "The trick is currently being used in at least one page on MySpace to send phished login data to a Lycos server.

    A test by heise Security's editors confirms the problem in Firefox: the browser enters the data into visited HTML documents with forms without checking their original location or the destination to which data is sent.

    Internet Explorer 7 does not demonstrate the same behaviour: when recording locations, it notes the subdirectory to which the form belongs. This makes phishing somewhat more complicated, since attackers must then plant a form into a trusted site; mind you, the flaws in many web sites mean that even this is no longer a major hurdle.

    The current version of Opera does not enter any data automatically. Users must instead select the appropriate login information with the magic wand."

    There is a demonstration of the flaw here.
    We were able to reproduce this bug in-house using both Firefox 2.0 and Safari 2.0.4 under Mac OS X 10.4.8.

    For Firefox, this situation can be prevented by simply going to the "Security" pane of the application's preferences and deselecting the "Remember passwords for sites."

    For Safari, it can be prevented by going to the "AutoFill" pane in the application's preferences and deselecting "User names and passwords."
    http://www.heise-security.co.uk/serv...oz/pass1.shtml
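
The two checks the Heise quote says were missing (the form's original location and the destination to which data is sent), plus the per-directory matching it attributes to IE7, sketched as an autofill policy. This is an added example, not code from any browser or from the original post; `shouldAutofill`, the saved-login record shape and every URL in it are hypothetical.

```javascript
// Added illustration (not browser source code): decide whether a password
// manager may fill a saved login into a form on the current page.
// All names and URLs below are hypothetical, constructed for this example.

// Directory part of a path: "/login/index.html" -> "/login/"
function directoryOf(pathname) {
  return pathname.slice(0, pathname.lastIndexOf("/") + 1);
}

// saved      : { pageUrl, actionUrl } recorded when the login was stored
// pageUrl    : URL of the document that now contains the form
// formAction : the form's action attribute (may be relative)
function shouldAutofill(saved, pageUrl, formAction) {
  let savedPage, savedAction, page, action;
  try {
    savedPage = new URL(saved.pageUrl);
    savedAction = new URL(saved.actionUrl);
    page = new URL(pageUrl);
    action = new URL(formAction, page); // resolve relative actions
  } catch (err) {
    return { fill: false, reason: "unparseable URL" };
  }
  // 1. Original location: scheme, host and port must all match.
  if (page.origin !== savedPage.origin) {
    return { fill: false, reason: "different origin" };
  }
  // 2. Same directory, so user-hosted pages elsewhere on a shared
  //    host do not inherit the login page's credentials.
  if (directoryOf(page.pathname) !== directoryOf(savedPage.pathname)) {
    return { fill: false, reason: "different directory" };
  }
  // 3. Destination: the form must still submit to the origin it
  //    submitted to when the login was saved.
  if (action.origin !== savedAction.origin) {
    return { fill: false, reason: "form posts to a different origin" };
  }
  return { fill: true, reason: "match" };
}

// Constructed sample data.
const SAVED = {
  pageUrl: "https://social.example.test/login/index.html",
  actionUrl: "https://social.example.test/login/submit",
};
const CASES = [
  ["https://social.example.test/login/index.html", "submit"],
  ["https://social.example.test/users/someone/page.html", "https://collector.example.net/save"],
  ["https://social.example.test/login/index.html", "https://collector.example.net/save"],
  ["https://lookalike.example.net/login/index.html", "submit"],
];

function runCases() {
  return CASES.map(([page, action]) => shouldAutofill(SAVED, page, action).reason);
}

console.log(runCases());
```

Only the first constructed case is filled; the others are refused for directory, destination and origin respectively.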

  2. #42
    New Firefox engine

    Might want to look at what Firefox 3.0 is up to:
    Gran Paradiso

    Also, Shiira 2.0 took another step forward - nice browser but still only "potential" and not useable.

  3. #43
    FireFox pop-up vulnerability

    Firefox Popup Blocker Allows Reading Arbitrary Local Files
    http://www.securiteam.com/securitynews/5JP051FKKE.html

    Summary
    There is an interesting vulnerability in the default behavior of Firefox built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information.

    Vulnerable Systems:
    * Firefox version 1.5.0.9

  4. #44
    Troubleshoot FireFox 2

    General troubleshooting and help:

    --> Firefox hangs - http://kb.mozillazine.org/Firefox_hangs
    --> KB: Reducing Memory Usage - http://kb.mozillazine.org/Reducing_m...sage_-_Firefox
    --> Plugdoc: Memory Usage FQA - http://plugindoc.mozdev.org/faqs/memusage.html

    Since at some point you are going to come back to FF2. "Work fine yesterday but not today", indicates that something was changed in your user profile or some software or Windows was automatically updated. I am assuming that you did not change any of the default settings - doing this can cause all kinds of problems.

    (1) make sure that Java and Flash are current.
    (2) make sure that you are using the most current version of Firefox - 2.0.0.1 (2.0.0.2 is being released on the 20th)
    (3) resolve any issue that your profile is causing.
    ...... Fixing a bad Firefox User Profile
    step #1 ... Firefox safemode: http://kb.mozillazine.org/Safe_Mode
    step #2 ... Uninstall extensions manually: http://kb.mozillazine.org/Uninstalling_Extensions
    step #3 ... Create a new profile - See Step #6 - Standard Diagnostic
    --> Standard Diagnostic - http://kb.mozillazine.org/Standard_d..._%28Firefox%29

    (4) If creating a new profile does not solve the issue, then most likely, it's something on your computer.

    http://kb.mozillazine.org/Default_br...lf_the_default
    _________________
    The screen wobbles up and down when i have a bookmark and on some other times.
    Try this: http://kb.mozillazine.org/Window_shakes
    _____________________
    According to this it has to do with whether UAC is enabled.
    http://kb.mozillazine.org/Default_br...lf_the_default
    _____________________
    Info on Safe Mode:
    http://kb.mozillazine.org/Safe_mode
    ______________________
    standard diagnostic steps:
    http://kb.mozillazine.org/Standard_d..._%28Firefox%29
    ______________________
    -> how to locate your profile folder
    ______________________

    Firefox does not protect you from virus or malware. If you don't already have a subscription most people would suggest you use the free version of AVG instead http://free.grisoft.com/
    AVG works fine, as does Avira.
    ________________________
    Standard diagnostic
    http://kb.mozillazine.org/Standard_d..._%28Firefox%29
    ____________________



    Last edited by TZ; 02-15-2007 at 08:00 AM.

  5. #45
    Help with Firefox and Vista

    From the Firefox team:
    Please see my current post on the QA blog - http://weblogs.mozillazine.org/qa/ to see how you can help test Firefox on Windows Vista. We have an active QA channel on irc.mozilla.org (#vista) where you can come to test or talk about Vista issues. Don't forget we are also having a Firefox on Windows Vista Community Test Day this Friday, February 2nd. For more information about that event, please see http://wiki.mozilla.org/Mozilla_QA_C...unity_Test_Day

    Also, folks interested in helping us test Windows Vista on an ongoing basis, please send an email ping to marcia@mozilla.org and I will add you to our ever-growing Vista Testing list.
    _____________________

    When I attempt to install Firefox 2 I get a message stating that...This version of the file is not supported. Please check the system information to determine which 32-bit or 64-bit version then contact the vendor. This is the restated version. So the question is can we get Firefox compatible with Vista 64-bit. Since I upgraded to MS Vista, I miss Firefox ....

    An official 64 bit version of Firefox is not going to happen until (maybe) the release of FF3 in late 2007. This would also require the "plugin" folks to actually release 64 bit plugins and they are still trying to get 32bit versions for Vista out.

    Did you read the release notes for FF2.0.0.1 about "vista"? A long list of "vista bugs" are being fixed with the release of FF 2.0.0.2 late this month (new target date is the 20th). I would not be surprised to see more "vista bug" fixes in 2.0.0.3 in April.

    http://www.mozilla-x86-64.com/download.html
    __________________
    Vista Home Premium
    Firefox 2.0.0.1
    The screen wobbles up and down when i have a bookmark and on some other times.
    Try this: http://kb.mozillazine.org/Window_shakes
    _____________________
    According to this it has to do with whether UAC is enabled.
    http://kb.mozillazine.org/Default_b...f_the_default
    _____________________
    Installed Vista on new hard drive. I was running XP before and I need help getting bookmarks and passwords off

    http://kb.mozillazine.org/Migrating_..._a_new_profile

    This is a known Vista bug in FF 2.0.0.1 that is being fixed in FF 2.0.0.2 .... the current solution is explained in the FF 2.0.0.1 release notes. Basically, Firefox is not the default browser as far as Vista is concerned, it's IE7.

    read: http://www.mozilla.com/en-US/firefox...senotes/#vista

    FF2.0.0.2 release date is about the 20th.
    Last edited by TZ; 02-15-2007 at 07:57 AM.

  6. #46

    Info on Safe Mode:
    http://kb.mozillazine.org/Safe_mode
    ______________________
    standard diagnostic steps:
    http://kb.mozillazine.org/Standard_d..._%28Firefox%29
    ______________________
    -> how to locate your profile folder
    ______________________
    Is there a mozilla version that works with 64 bit vista ultimate please?

    The standard 32 bit version should work
    _________________________
    Windows Vista - Netgear Router
    the internet connection is not being relayed back to the laptop.
    _________________________

    When I try to install Firefox I get this:
    Error opening file or writing: \r\n\r\nxpicleanup.exe\r\n\r\nClick Retry to try again, or\r\n\Cancel to stop installation.
    http://kb.mozillazine.org/Browser_wi......22_on_Vista
    _____________________

    http://kb.mozillazine.org/User.js_file
    _____________________

    FireFox Hanging:
    http://kb.mozillazine.org/Firefox_hangs

    100 % CPU usage makes Firefox unusable :-(
    You can read the other popular 100% CPU in Firefox 2 threads for some clues:
    http://forums.mozillazine.org/viewtopic.php?t=505192
    http://forums.mozillazine.org/viewtopic.php?t=494435

    and there's always the Knowledge Base article on Firefox CPU usage:
    Firefox CPU usage
    Last edited by TZ; 02-15-2007 at 07:52 AM.

  7. #47
    FireFox install locations

    Firefox installs to 3 locations on W2K and WinXP.
    1. \Program Files\
    2. \Docs & Settings\user\Application Data\
    3. \Docs & Settings\user\Local Settings\Application Data\

    The second two for Windows Vista C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\\
    Make sure everything gets deleted including any empty folders. Also clear out the Temporary Internet Files before downloading Firefox again, just to make sure you're getting a fresh download. Hopefully that will work for you.

  8. #48
    Malware, spyware

    Firefox does not protect you from virus or malware. If you don't already have a subscription most people would suggest you use the free version of AVG instead http://free.grisoft.com/

    AVG works fine, as does Avira.

  9. #49
    Firefox 2.0.0.2

    Firefox 2.0.0.2 released: Closes security holes
    Mozilla.org has released Firefox 2.0.0.2, the latest version of its popular open source Web browser.

    In the Mac OS X edition, security refinements are the focal point for this release. Among the flaws eliminated:



    • MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
    • MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
    • MFSA 2007-05 XSS and local file access by opening blocked popups
    • MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
    • MFSA 2007-03 Information disclosure through cache collisions
    • MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
    • MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

  10. #50
    Camino 1.1 Beta

    Camino 1.1 Beta

    Camino 1.1 Beta may be unstable and may not be suitable for day-to-day use.
    Please download Camino 1.0.3 if you wish to use the stable version of Camino.

    Release Notes

  11. #51
    IE, Firefox Share Vulnerability

    Linked by Thom Holwerda on 2007-02-27 16:40:07 UTC, submitted by flanque
    Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, as the two versions of the Microsoft and Mozilla browsers are not the only ones affected. In this regard, the vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7 but also Firefox 1.5.0.9. Microsoft has stressed the fact that IE7 on Windows Vista is not affected in any manner.

    “Both examples are Windows-specific, and require C:\BOOT.INI to exist and be readable by users. The attack itself is not limited to a particular operating system, but I decided to provide a demonstration for the most popular desktop OS - *nix versions that access /etc/hosts or /etc/passwd are easy to develop,” Zalewski added.

    http://news.softpedia.com/news/IE7-a...es-47439.shtml

  12. #52
    Browsers becoming more proactive

    Analysis: Browser Security
    Browsing for Trouble

    On an individual basis, newer browsers--IE7 and Mozilla Firefox 2.0 in particular--focus on active fraud prevention and personal-information protection. An improved ability to scrub history and cache files, for example, benefits users and admins alike, as do antifraud measures, internationalized domain name (IDN) support, address-bar visibility and easier control over ActiveX component integration. And vendors are thinking outside the box--as evinced by Microsoft's Strider HoneyMonkey exploit-detection project, used by its Internet Safety Enforcement Team to track spammers and phishers.

    The common thread: Proactively identify suspicious sites instead of waiting for users to stumble onto them.

    If your enterprise is considering running critical applications on Firefox and IE, are you courting disaster? We examine the latest in browser security, such as antiphishing technology and validation certificates, to help keep your data safe.

    Default assumption:
    Browsers are insecure. If we had a dollar for every flaw we've seen exploited--repeatedly--that let malware overrun our networks, we might have enough to cover cleanup efforts. Last year, 51 exploits targeted poorly designed ActiveX controls alone, according to Symantec. That's up from just 15 in 2005. Yes, ActiveX is off in Internet Explorer 7 by default, but if your end users need Adobe Reader or Flash functionality, you're back in the line of fire.

  13. #53
    Firefox JavaScript flaw

    Mozilla patches critical flaw

    By Matt Hines, InfoWorld

    The Mozilla Foundation has plugged a "critical" JavaScript vulnerability in the Firefox browser and the SeaMonkey application suite.

    The patch, released Monday, targets Firefox versions 2.0.0.2 and 1.5.0.10, as well as SeaMonkey versions 1.1.1 and 1.0.8. An earlier fix for a JavaScript problem allowed scripts from web content to execute arbitrary code, Mozilla said in a security update.

    The vulnerability allowed uniform resource identifiers in image tags to be executed even if JavaScript was disabled in the program preferences, Mozilla said. Disabling JavaScript does not protect against the flaw, so the foundation recommended that users upgrade to new versions.


  14. #54
    Firefox extensions

    20 must-have Firefox extensions

    These plug-ins give you souped-up functionality, better look and feel, and streamlined development tasks. And some are just plain cool.

  15. #55
    Norton Confidential

    Norton Confidential is an innovative new security solution that will help protect you while you are most vulnerable.

    Prior to you logging in, making a purchase or otherwise submitting personal data, Norton Confidential scans both your PC and the Web site, protecting you from known or suspicious phishing sites, crimeware and other threats designed to steal your information.

    Traditional security solutions require "signatures" to protect you against known "threats." Norton Confidential also utilizes behavioral technologies to protect you from "unknown" threats that have never been seen before.

    • Critical file protection locks down key system files to protect your data from getting tampered, whether by a hacker or accidental deletion
    • Firefox® Toolbar Plug-in helps users see Web page risk status at any time (Firefox browser included with installation)
    • Information Guard ensures confidential information such as government issued identification numbers, credit card numbers, or even address or telephone numbers can’t leave without your permission
    • Symantec Setup Assistant helps users enter in confidential data and other configuration tasks
    • Powerful, yet easy to use – because it's designed just for Mac
    • Works alongside Norton AntiVirus for Macintosh or other antivirus solutions
    • Includes 1 year of antiphishing and vulnerability protection updates
    Works with Firefox 2.0+

    ... and seems to be impossible to download pdf manual, maybe no support, and Google turns up zilch.

    Last edited by TZ; 03-08-2007 at 02:46 PM.

  16. #56
    Firefox Extensions: backdoor trojan? keylogger?

    Firefox extensions:

    Do you really know and trust those extensions?

    I ran into one that promises to block google ads and filter results and block google cookies... CustomizeGoogle

    So why and how is it that it is installed in the "Launch Daemons" folder in /Library (top level) along with other launchd items launched on startup?

    Why does it prevent the system from sleeping? and why, when I restore power via UPS does the Mac boot itself on its own? (I normally shutdown, turn off power through the UPS. There is no setting to boot automatically.)

    Never asked for permission; doesn't seem necessary or document that it will be installed and run under launchd.

    Instead of filtering, it could easily have been SENDING personal search data. I don't know. But I've now made some changes and worry about places I did login and present my own 'credentials.'

    Something was keeping the system from going to sleep and staying asleep, so I started checking what I had added in last 24 hrs and recalled this - which I am glad I did.

    My first thought was, "oh, I installed and enabled the latest ClamXav." Only that didn't change anything.

    I really wish I knew for sure, and it just shows that it is easy for something to get installed, bypass whatever security you might think there is. This could have been logging, sending, acting as a keylogger.
    Last edited by TZ; 03-08-2007 at 07:04 PM.

  17. #57
    Firewalls and Firefox updates:

    When Firefox updates, you typically have to re-allow internet access to Firefox through your firewall.

    http://kb.mozillazine.org/Firewalls

    12 ways to get fooled by firewalls (by VanillaMozilla) http://forums.mozillazine.org/viewto...295421#2295421

  18. #58
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Protected Mode

    In Vista, IE7 uses a technique Microsoft calls Protected Mode - another name for "low rights" - that blocks disk access to all but a temporary-files folder. The idea is that if an exploit - a drive-by download, for instance - attacks IE7 through a browser vulnerability, it can't install code on the PC's drive.

    Last October, after Firefox developers had spent several days at Microsoft's headquarters with the Vista team, a Mozilla engineer said they had come away with thoughts on how Firefox might take advantage of Vista's low-rights features.


    Firefox 3.0, code-named Gran Paradiso for now, will sport beefed up security when it's unveiled as a final release in the second half of this year. Exactly what form that security will take, however, remains uncertain.



    The current Firefox 3.0 planning document lists security additions in password and antifraud areas, as well as enhancements to the user interface to make it easier for Web surfers to tell the browser's security status or the validity of a site's certificate.

  19. #59
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb FireFox 2.0.0.3

    Mozilla Foundation Security Advisory 2007-11

    Title: FTP PASV port-scanning
    Impact: Low
    Announced: March 20, 2007
    Reporter: mark@bindshell.net
    Products: Firefox, SeaMonkey

    Fixed in: Firefox 2.0.0.3
    Firefox 1.5.0.11
    Description

    The FTP protocol includes the PASV (passive) command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice.

    mark@bindshell.net reported that a malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the firewall of the victim. By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network.


    Mozilla clients will now ignore the alternate server address.



    http://www.mozilla.org/
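
The client behaviour the advisory ends on ("ignore the alternate server address"), as an added example that is not Mozilla's code or part of the original post: the port is taken from the 227 reply, the data connection goes to the control connection's peer, and a mismatching advertised address is kept only for logging. The function names and sample replies are constructed; the `(h1,h2,h3,h4,p1,p2)` reply layout is the one defined by the FTP specification.

```javascript
// Added illustration of the fix described in MFSA 2007-11. Names and sample
// replies are constructed for this example.

// Parse "227 <text> (h1,h2,h3,h4,p1,p2)" into the advertised host and port.
// Returns null for anything that is not a well-formed 227 reply.
function parsePasvReply(line) {
  const re = /^227 \D*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)/;
  const m = re.exec(line);
  if (!m) return null;
  const n = m.slice(1).map(Number);
  if (n.some((v) => v > 255)) return null; // each field is one octet
  return { host: n.slice(0, 4).join("."), port: n[4] * 256 + n[5] };
}

// Choose the endpoint for the data connection.
// controlPeer: IP address the control connection is actually connected to.
function dataEndpoint(controlPeer, replyLine) {
  const advertised = parsePasvReply(replyLine);
  if (!advertised) throw new Error("malformed 227 reply");
  if (advertised.port === 0) throw new Error("invalid data port");
  return {
    host: controlPeer,      // always the server we are already talking to
    port: advertised.port,  // only the port is taken from the reply
    // Non-null when the server advertised some other address: worth logging,
    // since a legitimate server rarely does this.
    ignoredHost: advertised.host === controlPeer ? null : advertised.host,
  };
}

// Constructed sample replies: one ordinary, one advertising another address.
const PEER = "192.0.2.10";
const NORMAL = "227 Entering Passive Mode (192,0,2,10,19,137)";
const REDIRECT = "227 Entering Passive Mode (10,0,0,5,0,22)";

console.log(dataEndpoint(PEER, NORMAL));
console.log(dataEndpoint(PEER, REDIRECT));
```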

  20. #60
    Firefox 2.0.0.3

    Firefox Latest release
    http://www.mozilla.com/en-US/

    Mozilla Foundation Security Advisory 2007-11

    Title: FTP PASV port-scanning
    Impact: Low
    Announced: March 20, 2007
    Products: Firefox, SeaMonkey

    Fixed in: Firefox 2.0.0.3
    Firefox 1.5.0.11
    Description

    The FTP protocol includes the PASV (passive) command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice.

    mark@bindshell.net reported that a malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the firewall of the victim. By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network.

    Mozilla clients will now ignore the alternate server address.

    http://www.mozilla.org/
