Firefox news
So, this is not a marketing or just news about Firefox. :)
The reason for this post is that Firefox is the subject of two quite interesting security related news.
Starting on the first one.
There is a 0day vulnerability for Firefox, including the latest version. This vulnerability is already being exploited, so beware...
The good thing is that Mozilla is quite fast on those and already confirmed the issue and is working to get it fixed.
The second one is related to an Firefox extension released yesterday. It is called Firesheep.
In summary, it is an addon that will make it really easy to basically anyone hack accounts by sniffing traffic on public hotspots, such as airports, coffee shops,etc...
Hacking accounts by sniffing traffic on unsecured wifi networks is not really difficult, but until now, you would need some additional steps to accomplish it, but with Firesheep it is all there for you...really recommend a check on it.
PCWorld has a good write up on it.
Thanks for the readers that pointed that out.
----------------------------------------------------------------------------------------------------
Pedro Bueno (pbueno /%%/ isc. sans. org)
Twitter: http://twitter.com/besecure
Comments
I would remove that link to the PC World article, it really diminishes the impact of this threat. Considering that the writer ran this test using 2 browsers on the same machine, using the same network connection, over the same Access Point.
If you want to run a test like this and then write an article about said test...it would be so much more viable to actually run the test from a HotSpot and not from within your home and not from the same PC.
HackDefendr.com
Oct 26th 2010
1 decade ago
http://noscript.net/faq#https
Mike A.
Oct 27th 2010
1 decade ago
- http://blog.mozilla.com/security/2010/10/27/cooling-down-the-firesheep/
10.27.10
> https://addons.mozilla.org/en-US/firefox/addon/12714/
.
PC.Tech
Oct 27th 2010
1 decade ago
there has been a lot of writing in the norwegian media the last days.
Thuesday (26. okt) nobelpeaceprice.org was hacked.
(yes - its the official peace price site)
The site was effected with a trojan that was executed through a 0-day exploit in firefox.
the malvare was undetected by 41 AV-tools
norwegian soc article can be found:
http://telenorsoc.blogspot.com/2010/10/nobelpeaceprizeorg-kompromittert.html
goole from norwegian to english for info.
kjell
Oct 27th 2010
1 decade ago
Firefox 3.6.12 and 3.5.15 security updates now available
* Firefox 3.6.12: http://firefox.com
* Firefox 3.5.15: http://www.mozilla.com/firefox/all-older.html
Thunderbird 3.1.6 and 3.0.10 security updates now available
Aniekan
Oct 28th 2010
1 decade ago
I use your standard web browsers such as Yahoo and sometime Google systems on my home network, are they any more secure than this Firefox browser?
Brett
Oct 29th 2010
1 decade ago