THE GERMAN GOVERNMENT has warned citizens not to use Mozilla's Firefox browser because of an inherent security flaw.
The advice comes from the BürgerCERT, which itself comes from the less amusingly named Bundesamt für Sicherheit in der Informationstechnik, or BSI for short.
In its warning the BSI said, "There is an as yet unspecified vulnerability in Mozilla Firefox version 3.6. A remote attacker to execute using rigged websites the opportunity to inject malicious code in the context of the logged on user" (translation courtesy of Google Translate).
It added that because the problem could allow for a hacker to take control of a user's machine it was recommending the use of another browser until, that is, Firefox version 3.6.2 is released.
In its own blog posting Mozilla credited security researcher Evgeny Legerov from Secunia for bringing the issue to its attention and promised to release a fixed version by 30 March. It has issued a patch for the problem, although it does involve a manual install, something that could be beyond some people's skills.
Commenting on the issue Graham Cluley, Sophos' man on the telly, said, "Switching your web browser willy-nilly as each new unpatched security hole is revealed could cause more problems than it's worth. My advice is to only switch from Firefox if you really know what you are doing with the browser you're swapping to. If you stick with Firefox, apply the security update as soon as it's available".
I haven't gone into it much, but I think that script execution may not be necessary.
It's the level of defect that I don't hold back from complaining about in Microsoft products - JPEGs that turn your computer evil? E-mail that infects as soon as you receive it... and a web page font that does the dirty on you as soon as you open a web page.
So I have to reproach it in Firefox as well. Bad font data must NOT lead to malicious activity.
Still, fixed quite quickly, given that mister security researcher apparently chose to play silly buggers on Mozilla.
Just guessing here but I'm thinking the exploit would need to run a script first?
I run the NoScript addon with Firefox and I don't allow any scripts to run unless on websites I know and trust. This is the main reason I use Firefox really and I have had no problems for years.
Do you mean the 3.6.2 beta release? That's not a patch surely? And beta is risky too. (Officially.)
However, there now seems to be a final 3.6.2 release.
I suppose this itself counts as a "manual install" if you normally just use the version that came with your last Linux distro.
Is that what you meant?
The Firefox geeks who keep attacking IE seem to forget their beloved browser does have more bugs than IE and last year had more than all the other browsers combined!
Hmmmm... Exploits are found in all browsers. Going by the logic of the German Government, the only browser fit for usage would be... Lynx :).
Government advisories on computer browsers? What kind of nanny state do you run over there?
Well they would, wouldn't they.
If this was IE, there'd be murder on here by the fanboys. But because it's Firefox, it's OK really. Nothing to make a fuss about, eh?