FW: [usg_list] Firefox JavaScript Engine Flaw Flagged

FYI

------------------------------------------------------------------------
Jodi W. Anderson, Mr (BA, A+, MCP) - Computer Systems Consultant
Waikato University Library - Computing Operations Group
Ph: +64 7 838 4323 email: jodi(a)waikato.ac.nz
"Right now I'm having amnesia and deja vu at the same time. I think I've forgotten this before."

Should keep an eye on this one if you're using or supporting Firefox/Mozilla....
from: http://www.eweek.com/article2/0,1759,1782332,00.asp
A moderately critical security flaw in the Mozilla Foundation's Firefox Web browser could put users at risk of information disclosure attacks, according to an advisory from security research outfit Secunia.
The vulnerability has been confirmed in Firefox 1.0.1 and 1.0.2, the two latest browser releases from the open-source foundation. It also affects the Mozilla suite, Secunia warned.
Secunia has released an online test to allow Firefox and Mozilla users to determine if they are affected by the bug.
As a temporary workaround, Secunia suggests that JavaScript support be disabled.

> As a temporary workaround, Secunia suggests that JavaScript support be disabled.

And render your browser almost worthless. So many sites use JavaScript to power forms these days that this really isn't an option.

Regards
--
Oliver Jones » Roving Code Warrior
oliver(a)deeperdesign.com » +64 (21) 41 2238 » www.deeperdesign.com

A lot of sites, it's true, but "almost worthless" is a definite overstatement, at least for my mileage, which of course varies.

I had javascript turned off in Firefox for a few days before I noticed that I couldn't log into Fastnet. That's the only site I had a problem with that I use...

On Wed, 2005-04-06 at 18:52 +1200, Oliver Jones wrote:
> > As a temporary workaround, Secunia suggests that JavaScript support be disabled.
> And render your browser almost worthless. So many sites use JavaScript to power forms these days that this really isn't an option.
_______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug

Hrm... IMHO firefox needs to treat javascript the same way it treats extensions - ie: have a white or blacklist type feature

Quoting Bnonn <bnonn(a)orcon.net.nz>:
> A lot of sites, it's true, but "almost worthless" is a definite overstatement, at least for my mileage, which of course varies.
> I had javascript turned off in Firefox for a few days before I noticed that I couldn't log into Fastnet. That's the only site I had a problem with that I use...

Orion Edwards wrote:
> Hrm... IMHO firefox needs to treat javascript the same way it treats extensions - ie: have a white or blacklist type feature

Mozilla has a very extensive javascript permission module, allowing black and whitelisting javascript features. It just has no UI for it: http://www.mozilla.org/projects/security/components/ConfigPolicy.html
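
Added example, not part of the original thread and not Mozilla's code: a small Node.js generator for the per-site `user.js` entries that a UI-less policy module like the one linked above would need. The `capability.policy.*` pref names and the `noAccess`/`allAccess` values are an assumption to check against the linked document; the policy name `nojs` and the `example.test` sites are constructed.

```javascript
// Added example: emit user.js lines for a per-site JavaScript policy.
// ASSUMPTION: pref names and the noAccess/allAccess values follow the
// capability.policy.* scheme; check them against the linked document.

// Accept only bare http(s) origins. An entry with a path, query or
// credentials would not match as a site and the policy would not apply.
function normalizeOrigin(entry) {
  const url = new URL(entry); // throws on malformed input
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("unsupported scheme: " + entry);
  }
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    throw new Error("not a bare origin: " + entry);
  }
  return url.origin; // lower-cased host, default port dropped
}

function buildPolicy(name, sites, mode) {
  if (!/^[a-z][a-z0-9]*$/i.test(name)) throw new Error("bad policy name: " + name);
  const origins = [...new Set(sites.map(normalizeOrigin))];
  if (origins.length === 0) throw new Error("no sites given");
  const pref = (k, v) => `user_pref(${JSON.stringify(k)}, ${JSON.stringify(v)});`;
  const lines = [pref("capability.policy.policynames", name)];
  if (mode === "whitelist") {
    // Script is denied by default and granted back to the listed sites.
    lines.push(pref("capability.policy.default.javascript.enabled", "noAccess"));
    lines.push(pref(`capability.policy.${name}.sites`, origins.join(" ")));
    lines.push(pref(`capability.policy.${name}.javascript.enabled`, "allAccess"));
  } else if (mode === "blacklist") {
    // Script stays on everywhere except the listed sites.
    lines.push(pref(`capability.policy.${name}.sites`, origins.join(" ")));
    lines.push(pref(`capability.policy.${name}.javascript.enabled`, "noAccess"));
  } else {
    throw new Error("mode must be 'whitelist' or 'blacklist'");
  }
  return lines;
}

// Constructed sample sites (example.test is a reserved test domain).
const sample = ["http://Example.TEST:80", "http://example.test/", "https://ads.example.test"];
console.log(buildPolicy("nojs", sample, "blacklist").join("\n"));
```

The origin check matters because a mistyped entry fails open: the browser keeps running script on the site the user meant to block.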
participants (6)
- Bnonn
- Jodi Thomson
- Nigel Nguyen
- Oliver Jones
- Orion Edwards
- Perry Lorier