First vulnerability in FF 2.0

Hi malware fighters,

We could have waited for it, now it is here, a hole in FF 2.0. Only able to crash the browser now, look here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5633

A proof of concept: http://werterxyz.altervista.org/Firefox2Range.htm
(Does not work with NoScript enabled, people do not know what a gigantic protection can be achieved by installing the NoScript add-on for FF or Flock).

polonus

Already posted by Cloussau here:

http://forum.avast.com/index.php?topic=24536.45

Yes, NoScript is very handy for these and any other script attacks when you arrive at an unknown site.

And its a MultiPlatform bug as it crashes the Mac version too

Firefox has roughly 10% of the browser market, and it’s well known, that it is used heavily by computer savvy folks. I wonder how many of those users aren’t using NoScript? Kind of a non-starter don’t ya think? :wink:

Edit: Typo

Update on the story:

http://news.com.com/Another+denial-of-service+bug+found+in+Firefox+2/2100-1002_3-6131624.html?tag=cd.top

Release of the new Web browsers set off a race among bug hunters to come up with the first security hole in either program. So far, though, none of the reported flaws could be exploited to hijack a PC running the browser, the most serious type of vulnerability.

That’s actually when a flaw becomes a security breach. Everything else is simply an annoyance. IMHO :slight_smile:

Frankly, that’s one of your “opinions” that ought to be etched in stone!

;D

Edit: Typo

This is a bit off topic to this subject, but very interesting to see how unreadable this page is without NoScript running:
http://www.castlecops.com/t159501-suggest_a_firewall.html

All those google advertisements.

Many other forums are also much better to read with disabling them to have javascript.
Avast forum of course is an exception.

I have been using NoScript for so long, that I didn’t realize there were so many adds without it!!!

http://smileys.sur-la-toile.com/repository/Grands_Smileys/dinosaure-t-rex.gif

Ro Ro 8)

Yes roro.
I don’t use adblock or proxomitron or any, but NoScript basically keeps my internet surfing less flashing and advert free :slight_smile: