Firefox threat

Does the latest update have this fix included in it?

http://www.eweek.com/article2/0,1895,2140603,00.asp

I’m not sure how avast could prevent this. This is a quote from the website of the “discoverer”:

This possibility exists whenever the user cannot trust their domain name server (DNS) or network connection. Examples of this include public wireless networks, and users connected to compromised home routers.

Under these circumstances it is assumed that a compromised DNS service would recognize a request for update to one of the Firefox extensions mentioned (typically the Google pack). It would then deliberately re-route the request to a malware site which would then deliver the false .xpi file back to Firefox and that .xpi file would be installed silently by Firefox.

To avast this would appear to be a request that you made. avast has no control over which DNS service you use or the IP adrresses you choose to visit. Since the .xpi file would be delivered on an unsecured session avast would have a chance to check the file for malware signatures. However, since the “discoverer” does not mention any known instances and Google claims they know of none then it might be a bit hard for avast to have any .xpi malware signatures to look for.

I’m making a guess that bwatson283 has posted in the wrong forum (not General) and is talking about the latest firefox update, 2.0.0.4. I could be totally wrong though ;D

That the question was not applied specifically to avast did occur to me. I responded from an avast perspective. One could just about as easily re-write my reply from a Firefox perspective. The main fix is in the hands of Google, who have said they have a fix in the works.

This researcher has discovered nothing new really.

If you go out and expose yourself to a network you do not know then duh! beware!! Do not do anything on an unknown network that you would not wish your mother to have watched you do had she been leaning over your shoulder.

That being said, there are many locations that provide wireless access that are reputable and safe to use.

However, safe wireless access is not considered good publication fodder. We live in a world were many of our governments want to scare us with the threats they will protect us from (at tiny cost to our freedoms and privacy) and are, all to often, abetted by the media where scare stories are far more prevalent and liked by advertisers than “people scan in safety” stories.