Germany warns against use of Firefox browser

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

Germany warns against use of Firefox browser

JM-43
http://news.bbc.co.uk/2/hi/technology/8580716.stm

Sometimes I think there's really no secure browsers these days....
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Chris Ilias-4
On 10-03-22 10:54 PM, JM wrote:
> http://news.bbc.co.uk/2/hi/technology/8580716.stm
>
> Sometimes I think there's really no secure browsers these days....

Not only is it FUD (the exploit is sold to security researchers only),
but check for updates anyway. :-)
--
Chris Ilias <http://ilias.ca>
List-owner: support-firefox, support-thunderbird, test-multimedia
Keeper of the Knowledge Base: <https://support.mozilla.com/kb/>
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Gus Richter
In reply to this post by JM-43
On 3/22/2010 10:54 PM, JM wrote:
> http://news.bbc.co.uk/2/hi/technology/8580716.stm
>
> Sometimes I think there's really no secure browsers these days....

The claim by your other respondent that the report is simply FUD is
counterproductive, misleading and downright irresponsible considering
that a little research would reveal this:

<http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/>

And this:

<http://secunia.com/blog/90/>

The best that can be said is that there are no known exploits available
at the time of disclosure, so continue to use 3.6 at your own risk or
use Seamonkey, which along with Thunderbird apparently are not affected.
Mozilla concurs:

<http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/>

Wherein you are also advised that you could also opt to download Release
Candidate Firefox 3.6.2 or await the Final Firefox 3.6.2 scheduled to be
released 3/30/10.

<https://wiki.mozilla.org/Releases/Firefox_3.6.2/Test_Plan>

--
Gus

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Annailís-3
Gus Richter wrote:

> On 3/22/2010 10:54 PM, JM wrote:
>> http://news.bbc.co.uk/2/hi/technology/8580716.stm
>>
>> Sometimes I think there's really no secure browsers these days....
>
> The claim by your other respondent that the report is simply FUD is
> counterproductive, misleading and downright irresponsible considering
> that a little research would reveal this:
>
> <http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/>
>
>
> And this:
>
> <http://secunia.com/blog/90/>
>
> The best that can be said is that there are no known exploits available
> at the time of disclosure, so continue to use 3.6 at your own risk or
> use Seamonkey, which along with Thunderbird apparently are not affected.
> Mozilla concurs:
>
> <http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/>
>
>
> Wherein you are also advised that you could also opt to download Release
> Candidate Firefox 3.6.2 or await the Final Firefox 3.6.2 scheduled to be
> released 3/30/10.
>
> <https://wiki.mozilla.org/Releases/Firefox_3.6.2/Test_Plan>
>
They must have quickly upgraded RC 3.6.2 to the final version
because the update is now available (I checked for an update
rather than waiting for notification).

--
Annailís
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Jay Garcia
On 23.03.2010 07:27, Annailis wrote:

 --- Original Message ---

> They must have quickly upgraded RC 3.6.2 to the final version because
> the update is now available (I checked for an update rather than waiting
> for notification).

Yup, available late yesterday.

*  Fixed a critical security issue that could potentially allow remote
code execution (see bug 552216).
* Fixed several additional security issues.
* Fixed several stability issues.


--
Jay Garcia - Netscape/Flock Champion
www.ufaq.org
Netscape - Flock - Firefox - Thunderbird - Seamonkey Support
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Jay Garcia
On 23.03.2010 08:19, Jay Garcia wrote:

 --- Original Message ---

> On 23.03.2010 07:27, Annailis wrote:
>
>  --- Original Message ---
>
>> They must have quickly upgraded RC 3.6.2 to the final version because
>> the update is now available (I checked for an update rather than waiting
>> for notification).
>
> Yup, available late yesterday.
>
> *  Fixed a critical security issue that could potentially allow remote
> code execution (see bug 552216).
> * Fixed several additional security issues.
> * Fixed several stability issues.
>
>

Regarding "FUD", this was posted on the ISC site (Internet Storm Center):

<quote>
In the past month, there has been lots of discussions involving an
unpatched security vulnerability in Firefox 3.6.  Unfortunately, there
was very limited information released on the vulnerability and much of
the discussions revolved around if the reports were real or just FUD.
Mozilla eventually received enough information where they could
reproduce the problem and posted an advisory late on 3/18/2010
<unquote>



--
Jay Garcia - Netscape/Flock Champion
www.ufaq.org
Netscape - Flock - Firefox - Thunderbird - Seamonkey Support
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

JM-43
In reply to this post by Jay Garcia
On 3/23/2010 9:19 AM, Jay Garcia wrote:

> On 23.03.2010 07:27, Annailis wrote:
>
>   --- Original Message ---
>
>> They must have quickly upgraded RC 3.6.2 to the final version because
>> the update is now available (I checked for an update rather than waiting
>> for notification).
>
> Yup, available late yesterday.
>
> *  Fixed a critical security issue that could potentially allow remote
> code execution (see bug 552216).
> * Fixed several additional security issues.
> * Fixed several stability issues.
>
>
Yes, I just upgraded. Upgrade went well, no problems.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Terry R.-3
In reply to this post by Jay Garcia
On 3/23/2010 6:38 AM On a whim, Jay Garcia pounded out on the keyboard

> On 23.03.2010 08:19, Jay Garcia wrote:
>
>   --- Original Message ---
>
>> On 23.03.2010 07:27, Annailis wrote:
>>
>>   --- Original Message ---
>>
>>> They must have quickly upgraded RC 3.6.2 to the final version because
>>> the update is now available (I checked for an update rather than waiting
>>> for notification).
>> Yup, available late yesterday.
>>
>> *  Fixed a critical security issue that could potentially allow remote
>> code execution (see bug 552216).
>> * Fixed several additional security issues.
>> * Fixed several stability issues.
>>
>>
>
> Regarding "FUD", this was posted on the ISC site (Internet Storm Center):
>
> <quote>
> In the past month, there has been lots of discussions involving an
> unpatched security vulnerability in Firefox 3.6.  Unfortunately, there
> was very limited information released on the vulnerability and much of
> the discussions revolved around if the reports were real or just FUD.
> Mozilla eventually received enough information where they could
> reproduce the problem and posted an advisory late on 3/18/2010
> <unquote>
>
>
>

"Eventually"...  IMO it took them WAY too long to admit it.


Terry R.
--
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Ron Hunter
Terry R. wrote:

> On 3/23/2010 6:38 AM On a whim, Jay Garcia pounded out on the keyboard
>
>> On 23.03.2010 08:19, Jay Garcia wrote:
>>
>>   --- Original Message ---
>>
>>> On 23.03.2010 07:27, Annailis wrote:
>>>
>>>   --- Original Message ---
>>>
>>>> They must have quickly upgraded RC 3.6.2 to the final version because
>>>> the update is now available (I checked for an update rather than
>>>> waiting
>>>> for notification).
>>> Yup, available late yesterday.
>>>
>>> *  Fixed a critical security issue that could potentially allow remote
>>> code execution (see bug 552216).
>>> * Fixed several additional security issues.
>>> * Fixed several stability issues.
>>>
>>>
>>
>> Regarding "FUD", this was posted on the ISC site (Internet Storm Center):
>>
>> <quote>
>> In the past month, there has been lots of discussions involving an
>> unpatched security vulnerability in Firefox 3.6.  Unfortunately, there
>> was very limited information released on the vulnerability and much of
>> the discussions revolved around if the reports were real or just FUD.
>> Mozilla eventually received enough information where they could
>> reproduce the problem and posted an advisory late on 3/18/2010
>> <unquote>
>>
>>
>>
>
> "Eventually"...  IMO it took them WAY too long to admit it.
>
>
> Terry R.

Just because someone says "I have an exploit", you can't assume they
really do, and you certainly can't FIX it, now can you?
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Terry R.-3
On 3/23/2010 1:54 PM On a whim, Ron Hunter pounded out on the keyboard

> Terry R. wrote:
>> On 3/23/2010 6:38 AM On a whim, Jay Garcia pounded out on the keyboard
>>
>>> On 23.03.2010 08:19, Jay Garcia wrote:
>>>
>>>    --- Original Message ---
>>>
>>>> On 23.03.2010 07:27, Annailis wrote:
>>>>
>>>>    --- Original Message ---
>>>>
>>>>> They must have quickly upgraded RC 3.6.2 to the final version because
>>>>> the update is now available (I checked for an update rather than
>>>>> waiting
>>>>> for notification).
>>>> Yup, available late yesterday.
>>>>
>>>> *  Fixed a critical security issue that could potentially allow remote
>>>> code execution (see bug 552216).
>>>> * Fixed several additional security issues.
>>>> * Fixed several stability issues.
>>>>
>>>>
>>> Regarding "FUD", this was posted on the ISC site (Internet Storm Center):
>>>
>>> <quote>
>>> In the past month, there has been lots of discussions involving an
>>> unpatched security vulnerability in Firefox 3.6.  Unfortunately, there
>>> was very limited information released on the vulnerability and much of
>>> the discussions revolved around if the reports were real or just FUD.
>>> Mozilla eventually received enough information where they could
>>> reproduce the problem and posted an advisory late on 3/18/2010
>>> <unquote>
>>>
>>>
>>>
>> "Eventually"...  IMO it took them WAY too long to admit it.
>>
>>
>> Terry R.
>
> Just because someone says "I have an exploit", you can't assume they
> really do, and you certainly can't FIX it, now can you?

Read again.  I said "admit it".


Terry R.
--
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Ron Hunter
Terry R. wrote:

> On 3/23/2010 1:54 PM On a whim, Ron Hunter pounded out on the keyboard
>
>> Terry R. wrote:
>>> On 3/23/2010 6:38 AM On a whim, Jay Garcia pounded out on the keyboard
>>>
>>>> On 23.03.2010 08:19, Jay Garcia wrote:
>>>>
>>>>    --- Original Message ---
>>>>
>>>>> On 23.03.2010 07:27, Annailis wrote:
>>>>>
>>>>>    --- Original Message ---
>>>>>
>>>>>> They must have quickly upgraded RC 3.6.2 to the final version because
>>>>>> the update is now available (I checked for an update rather than
>>>>>> waiting
>>>>>> for notification).
>>>>> Yup, available late yesterday.
>>>>>
>>>>> *  Fixed a critical security issue that could potentially allow remote
>>>>> code execution (see bug 552216).
>>>>> * Fixed several additional security issues.
>>>>> * Fixed several stability issues.
>>>>>
>>>>>
>>>> Regarding "FUD", this was posted on the ISC site (Internet Storm
>>>> Center):
>>>>
>>>> <quote>
>>>> In the past month, there has been lots of discussions involving an
>>>> unpatched security vulnerability in Firefox 3.6.  Unfortunately, there
>>>> was very limited information released on the vulnerability and much of
>>>> the discussions revolved around if the reports were real or just FUD.
>>>> Mozilla eventually received enough information where they could
>>>> reproduce the problem and posted an advisory late on 3/18/2010
>>>> <unquote>
>>>>
>>>>
>>>>
>>> "Eventually"...  IMO it took them WAY too long to admit it.
>>>
>>>
>>> Terry R.
>>
>> Just because someone says "I have an exploit", you can't assume they
>> really do, and you certainly can't FIX it, now can you?
>
> Read again.  I said "admit it".
>
>
> Terry R.

When reliable information on the exploit became available, and they
tested it, then they did admit it.  And it was fixed in good time.  What
more can one expect?
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

»Q«
In reply to this post by Terry R.-3
In <news:[hidden email]>,
"Terry R." <[hidden email]> wrote:

> On 3/23/2010 1:54 PM On a whim, Ron Hunter pounded out on the keyboard
>
> > Terry R. wrote:
> >> On 3/23/2010 6:38 AM On a whim, Jay Garcia pounded out on the
> >> keyboard
> >>
> >>> On 23.03.2010 08:19, Jay Garcia wrote:
> >>>
> >>>> On 23.03.2010 07:27, Annailis wrote:
> >>>>
> >>>>> They must have quickly upgraded RC 3.6.2 to the final version
> >>>>> because the update is now available (I checked for an update
> >>>>> rather than waiting
> >>>>> for notification).
> >>>> Yup, available late yesterday.
> >>>>
> >>>> *  Fixed a critical security issue that could potentially allow
> >>>> remote code execution (see bug 552216).
> >>>> * Fixed several additional security issues.
> >>>> * Fixed several stability issues.
> >>>
> >>> Regarding "FUD", this was posted on the ISC site (Internet Storm
> >>> Center):
> >>>
> >>> <quote>
> >>> In the past month, there has been lots of discussions involving an
> >>> unpatched security vulnerability in Firefox 3.6.  Unfortunately,
> >>> there was very limited information released on the vulnerability
> >>> and much of the discussions revolved around if the reports were
> >>> real or just FUD. Mozilla eventually received enough information
> >>> where they could reproduce the problem and posted an advisory
> >>> late on 3/18/2010 <unquote>
> >>
> >> "Eventually"...  IMO it took them WAY too long to admit it.
> >>
> > Just because someone says "I have an exploit", you can't assume they
> > really do, and you certainly can't FIX it, now can you?
>
> Read again.  I said "admit it".

They acknowledged that the then-unsubstantiated claim of an exploit
had been posted fast enough, IMO.  What is it you think they should have
admitted and when?


--
»Q«                                                              /"\
                                    ASCII Ribbon Campaign        \ /
                                     against html e-mail          X
                                 <http://www.asciiribbon.org/>   / \
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Tarkus-3
In reply to this post by JM-43
On 3/22/2010 7:54 PM, JM wrote:
> http://news.bbc.co.uk/2/hi/technology/8580716.stm
>
> Sometimes I think there's really no secure browsers these days....

Sometimes?  There's no such thing.  There's only different levels of
security, which is often subjective.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Sailfish-2
In reply to this post by JM-43
JM wrote:
> http://news.bbc.co.uk/2/hi/technology/8580716.stm
>
> Sometimes I think there's really no secure browsers these days....

There never was and never will be, only ones that are more-secure than
others.

--
Sailfish - Netscape/Mozilla Champion
Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
Rare Mozilla Stuff: http://www.projectit.com/
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Sailfish-2
Sailfish wrote:
> JM wrote:
>> http://news.bbc.co.uk/2/hi/technology/8580716.stm
>>
>> Sometimes I think there's really no secure browsers these days....
>
> There never was and never will be, only ones that are more-secure than
> others.
>
As if to underscore the point:
http://www.theregister.co.uk/2010/03/25/pwn2own_2010_day_one/

--
Sailfish - Netscape/Mozilla Champion
Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
Rare Mozilla Stuff: http://www.projectit.com/
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Germany warns against use of Firefox browser

Enrico Weigelt, metux IT service
In reply to this post by JM-43
* JM <[hidden email]> wrote:
> http://news.bbc.co.uk/2/hi/technology/8580716.stm

Keep cool. The Federal Office for Information Security lost
all what was left of its credibility when it approved the
infrastructure for anti-constitutional spying against and
innocent people (including intercepting and manipulating
their traffic) as "safe", as well as the trojans shipped with
certain egov software ("Elster" etc).

These jerks are loyal to the regime of Merkel the ferkel
(former agent of the Soviet regime, @ '89 turned her flag
to the anglo-american oligarchy), just claiming to be
concerned w/ information security - but thats just classical
newspeak, just like "NSA" ...

> Sometimes I think there's really no secure browsers these days....

Any complex software has chance of critical leaks.
Well, most of them could be prevented by not letting the code
become that complex in the first place (eg. split up that fat
application into a bundle of small ones, each running under
carefully limited privileges ...)


cu
--
----------------------------------------------------------------------
 Enrico Weigelt, metux IT service -- http://www.metux.de/

 phone:  +49 36207 519931  email: [hidden email]
 mobile: +49 151 27565287  icq:   210169427         skype: nekrad666
----------------------------------------------------------------------
 Embedded-Linux / Portierung / Opensource-QM / Verteilte Systeme
----------------------------------------------------------------------
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general