Firefox news - SANS Internet Storm Center

Firefox news
So, this is not a marketing or just news about Firefox. :) The reason for this post is that Firefox is the subject of two quite interesting security related news. Starting on the first one. There is a 0day vulnerability for Firefox, including the latest version. This vulnerability is already being exploited, so beware... The good thing is that Mozilla is quite fast on those and already confirmed the issue and is working to get it fixed. The second one is related to an Firefox extension released yesterday. It is called Firesheep. In summary, it is an addon that will make it really easy to basically anyone hack accounts by sniffing traffic on public hotspots, such as airports, coffee shops,etc... Hacking accounts by sniffing traffic on unsecured wifi networks is not really difficult, but until now, you would need some additional steps to accomplish it, but with Firesheep it is all there for you...really recommend a check on it. PCWorld has a good write up on it. Thanks for the readers that pointed that out. ---------------------------------------------------------------------------------------------------- Pedro Bueno (pbueno /%%/ isc. sans. org) Twitter: http://twitter.com/besecure	Pedro 155 Posts ISC Handler Oct 26th 2010
Thread locked Subscribe	Oct 26th 2010 1 decade ago
Pedro, I would remove that link to the PC World article, it really diminishes the impact of this threat. Considering that the writer ran this test using 2 browsers on the same machine, using the same network connection, over the same Access Point. If you want to run a test like this and then write an article about said test...it would be so much more viable to actually run the test from a HotSpot and not from within your home and not from the same PC.	HackDefendr 65 Posts
Quote	Oct 26th 2010 1 decade ago
It is worth noting that NoScript can force HTTPS on many popular sites such as twitter that otherwise use SSL only for login. http://noscript.net/faq#https	Anonymous
Quote	Oct 27th 2010 1 decade ago
Cooling Down the Firesheep - http://blog.mozilla.com/security/2010/10/27/cooling-down-the-firesheep/ 10.27.10 > https://addons.mozilla.org/en-US/firefox/addon/12714/ .	Jack 160 Posts
Quote	Oct 27th 2010 1 decade ago
Regarding Firefox 0-day hole. there has been a lot of writing in the norwegian media the last days. Thuesday (26. okt) nobelpeaceprice.org was hacked. (yes - its the official peace price site) The site was effected with a trojan that was executed through a 0-day exploit in firefox. the malvare was undetected by 41 AV-tools norwegian soc article can be found: http://telenorsoc.blogspot.com/2010/10/nobelpeaceprizeorg-kompromittert.html goole from norwegian to english for info.	Jack 3 Posts
Quote	Oct 27th 2010 1 decade ago
A fix for this vulnerability has been released for Firefox and Thunderbird users. Firefox 3.6.12 and 3.5.15 security updates now available * Firefox 3.6.12: http://firefox.com * Firefox 3.5.15: http://www.mozilla.com/firefox/all-older.html Thunderbird 3.1.6 and 3.0.10 security updates now available	Jack 1 Posts
Quote	Oct 28th 2010 1 decade ago
I am new to all this network security stuff, I amd currently attending shool, but I did do a little reading on this Firefox and it sounds like there could be alot of issues with it not being as secure as some other browsers. I use your standard web browsers such as Yahoo and sometime Google systems on my home network, are they any more secure than this Firefox browser?	Jack 1 Posts
Quote	Oct 29th 2010 1 decade ago