Everyday Pensacola

A place to discuss Pensacola, Florida area topics as well as the rest of the nation/world. To write a post, you must register and log in.
 
HomeHome  RegisterRegister  Log in  

Share | 
 

 Do NOT upgrade to FireFox 16... bad code inside.

View previous topic View next topic Go down 
AuthorMessage
Eric

avatar

Posts : 9735
Join date : 2012-07-30
Age : 66
Location : Hoover, AL & Pensacola when I'm lucky

PostSubject: Do NOT upgrade to FireFox 16... bad code inside.   Thu Oct 11, 2012 2:54 pm

Attack code that exploits a privacy information leak introduced in the latest version of Firefox is available online, making it easy for malicious websites to gather detailed information about users' browsing history unless they downgrade to the previous Mozilla release.

At http://arstechnica.com/security/2012/10/firefox-16-vulnerability-attack-code-available-online/

"Looks like Firefox introduced a code change that allows a malicious webpage to run some JavaScript that can access the 'location' (the URL bar) of windows," Jeff Williams wrote. "So attackers can abuse this by using JavaScript to open other windows to protected websites. Then that JavaScript can access the URL and give it to the attacker. This should result in an 'Error: Permission denied' message, but FF16 allows it."

Williams (Jeff Williams, a web application security expert and CEO of Aspect Security) continued:

"This is most effective when the attacker can find a website that redirects to a URL with something sensitive in it—like your Twitter username. So although it sounds like a history-stealing attack, it really isn't. It allows access to URL's that might contain sensitive information."

Readers who are still using Firefox version 15.0.1 should take no action. Those whose browsers have already updated to version 16 should roll back by downloading version 15.0.1 here http://www.mozilla.org/en-US/firefox/fx/?from=getfirefox. Mozilla has released Firefox 16.0.1 for Android on Google Play. As of 11:25 California time Firefox 16.0.1 for desktops had been pushed out to computers belonging to several Ars employees.

I will post a followup for an "all-clear" when it becomes available.

_________________
Ideas are funny little things, they won't work unless you do.
Back to top Go down
http://ericericson.net
Admin
Admin
avatar

Posts : 299
Join date : 2012-07-30
Age : 66
Location : Pensacola

PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   Sat Oct 13, 2012 10:43 am

According to this CNET article, Mozilla pulled the plug on Firefox 16 the same day it was released because of this bug. Accordingly, they have now re-released it with the security flaw fixed.

http://download.cnet.com/8301-2007_4-57531010-12/mozilla-rereleases-firefox-16-after-fixing-critical-flaw/?tag=rb_content;main

_________________
True knowledge exists in knowing that you know nothing. – Socrates]
Back to top Go down
http://pensacoladaily.forumotion.com
Melissa
Admin
avatar

Posts : 1324
Join date : 2012-07-30
Location : A wild garden

PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   Sat Oct 13, 2012 8:16 pm

I installed Firefox 16 today, so I should be covered. So far, I'm having no problems with Firefox. I just hope it stays that way!

And wow, am I ever glad to "see" you guys.....this is the first time I've been able to access PenacolaDaily since around 2200 last night.
Back to top Go down
http://www.ouroasis.forumotion.com
Guest
Guest



PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   Mon Mar 04, 2013 12:02 am

Chrome is better!
Back to top Go down
riceme

avatar

Posts : 3098
Join date : 2012-12-02
Age : 45
Location : Fox, Alaska

PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   Mon Mar 04, 2013 12:21 am

Holy smokes, I'm already on FF v.19!

EDIT: lol... just noticed this is from October. Makes a lot more sense now. Wink
Back to top Go down
Ghost Rider
Admin
avatar

Posts : 338
Join date : 2012-11-18

PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   Mon Mar 04, 2013 10:58 am

riceme wrote:
Holy smokes, I'm already on FF v.19!

EDIT: lol... just noticed this is from October. Makes a lot more sense now. Wink

My Firefox version also indicates version 19 also.

_________________
The tyrant will always find a pretext for his tyranny, and it is useless for the innocent to try by reasoning to get justice, when the oppressor intends to be unjust.
Back to top Go down
riceme

avatar

Posts : 3098
Join date : 2012-12-02
Age : 45
Location : Fox, Alaska

PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   Mon Mar 04, 2013 2:05 pm

Ghost_Rider1949 wrote:
riceme wrote:
Holy smokes, I'm already on FF v.19!

EDIT: lol... just noticed this is from October. Makes a lot more sense now. Wink

My Firefox version also indicates version 19 also.

Geek-watches synced and ready for lift-off!

alien

Kidding... I used to untick the "automatic update" box from FF because I liked to wait a week or so after an upgrade to install it just to make sure it wasn't buggy. Then once I completely forgot and found myself several versions and about a year and a half outdated. I figured to heck with it and ticked the "automatic update" box. lol
Back to top Go down
Sponsored content




PostSubject: Re: Do NOT upgrade to FireFox 16... bad code inside.   

Back to top Go down
 
Do NOT upgrade to FireFox 16... bad code inside.
View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Everyday Pensacola :: Hobbies and Personal Interests :: Computers-
Jump to: