Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Insecure browser
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Mozilla Foundation |
And, this specific program: Mozilla Firefox 3.5.x |
| oldyorkie | Insecure browser |
|---|---|
 |
17th Jul, 2009 02:45 |
|
Ranking: 6 Posts: 32 User Since: 7th Aug, 2008 System Score: 100% Location: UK Last edited on 17th Jul, 2009 04:17 |
HA HA....not really a laughing matter but....I have the latest versions of both IE8 and FF 3.5....both of these are showing up as Insecure browsers...IE8 states "Minimum 3 attack vectors"....FF states "Minimum 3 critical attack vectors". I stopped using IE because of this....now my preferred browser gone even less secure!! Would you recommend using yet another browser...say Safari, for example....or just carry on using existing, but paying attention to links whilst surfing?...assuming a fix coming very soon from vendors....bearing in mind that IE8 has been showing up as insecure with no fix for past 2 months!! NB..I have just installed 3.5.1 thinking it would make a difference (released 16/07/09)....not one bit!! Thanks oldyorkie -- HP dv7 3.00GB RAM Win 7 Home Premium 64 bit AMD Phenom P820 II Triple Core IE 9 |
| Maurice Joyce | RE: Insecure browser | ||||||||
|
17th Jul, 2009 11:38 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK |
I only use IE8. Having read details of the minor security issue with this browser I am carrying on (with caution) using it until Microsoft issue a patch. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| Rosanne | RE: Insecure browser | ||||||||
|
|
17th Jul, 2009 12:03 | ||||||||
| Score: 0 Posts: 6 User Since: 13th Nov 2008 System Score: N/A Location: N/A |
FF 3.5.1 has 3 attack vectors according to Secunia, 2 classified as Moderately Critical regarding Sun Java ( Sun has promised a patch for these bugs late July , hopefully they mean 2009 ) The Highly Critical bug from RealPlayer is found in build 6.0.14.748, the latest version 955 should not be vulnerable. So in conclusion FF 3.5.1 ought to be a very safe browser. IE8 is plagued by getPlus ActiveX-bugs, and with the Dinosaur's behaviour of MS we customers have to be patient and wait for the appropiate patches |
||||||||
|
|||||||||
| Anthony Wells | RE: Insecure browser | ||||||||
|
17th Jul, 2009 16:54 | ||||||||
| Score: 2324 Posts: 3,204 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
Ff v3.5.1 fixes the.jit bug & so it should no longer show as being itself vulnerable in "secure browsing" ; something like the Ff "add on" NoScript might make you feel more secure until there is a fix for the "no solution" Java vulnerability. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| wr | RE: Insecure browser | ||||||||
|
17th Jul, 2009 20:50 | ||||||||
| Score: 298 Posts: 717 User Since: 30th Mar 2008 System Score: 100% Location: US |
Here's my .02 worth on IE8 & FF3.5.1 to oldyorkie, yes the latest v. fixed the .jit patch as Anthony Wells pointed out & I also agree w/ him on using NoScript as added protection, yes it can be a NaggingNanny but my take on the subject is I'd rather be nagged than hacked. Regarding IE8, I read somewhere within the last 2 days that M$ was suggesting to rollback to IE7 rather than wait for patch(s) to IE8 as they had released additional patches for IE7. The author of the article gave no M$ reason for this, but my personal opinion is that rather than release patches for IE8 which probably will be included in new release of Win 7-except in Europe-the OEM v. will be "new" IE8 & then the patches will be released to general public. So follow Maurice Joyces' suggestion he posted earlier in this thread. BTW Rosanne, I liked your assessment of when Java(tm) might issue a patch. Hopefully in this decade. I'm just glad we have a company like Secunia to point out these insecurities and give us the opportunity and options to make our systems more secure. Thanks Secunia for all you do & your support. Now that I've exhausted most of my mental/technical capacity I hope everyone has a very enjoyable weekend. Regards, wr -- HP Pavilion Slimline Windows Vista Home Premium SP2 32 bit AMD Athlon 64 X2 Firefox 17.0.6 ESR The weakest link of a computer system is always sitting in front of the monitor. |
||||||||
|
|||||||||
| 3Simplex | RE: Insecure browser | ||||||||
|
|
29th Jul, 2009 16:28 | ||||||||
| Score: 0 Posts: 3 User Since: 16th Feb 2009 System Score: N/A Location: N/A |
Although this may be more complicated for IE users. The FF user could get Chrome to work for them, I switched from FF to Chrome when it first came out just for the clean interface and the top of the line security features. I do use the Dev branch of Chrome and have not been bothered by any small instability. Now and then I do have to reload the page to get properly displayed pages, and I have to trick websites into believing i'm using safari because many sites discriminate the Chrome name. With my bag of tricks I can use chrome to watch "Instant" Netflix and surf unhindered by lazy web developers who don't want to accept that chrome really does work on their site without any major changes to their code. Google Chrome "Dev" does not now, and has not ever shown as a vulnerability. (Perhaps only due to the laziness of other developers?) |
||||||||
|
|||||||||
| Handries | RE: Insecure browser | ||||||||
|
|
29th Jul, 2009 20:32 | ||||||||
| Score: 1 Posts: 3 User Since: 9th Apr 2008 System Score: N/A Location: CA |
As browsers I have IE8, Maxthon 2.5.3, Firefox 3.51 and Opera 10 installed and the latter seems to be the safest of the lot, so I'm using that one as my default browser. |
||||||||
|
|||||||||
| oldyorkie | RE: Insecure browser | ||||||||
|
|
5th Aug, 2009 21:16 | ||||||||
| Score: 6 Posts: 32 User Since: 7th Aug 2008 System Score: 100% Location: UK |
Many Thanks for all your inputs ref this ;-) I have now (like many) updated to FF 3.5.2 and my "secure browsing" within PSI now showing as all issues with FF now being fixed....IE8 now only has 1 security issue as discussed in your posts. Thankyou very much for your continued feeds in this forum. -- HP dv7 3.00GB RAM Win 7 Home Premium 64 bit AMD Phenom P820 II Triple Core IE 9 |
||||||||
|
|||||||||
| wr | RE: Insecure browser | ||||||||
|
|
5th Aug, 2009 21:21 | ||||||||
| Score: 298 Posts: 717 User Since: 30th Mar 2008 System Score: 100% Location: US |
Good to hear from you oldyorkie & good to know "we" finally got @ least one secure browser-hopefully it'll stay that way for awhile. Regards, wr -- HP Pavilion Slimline Windows Vista Home Premium SP2 32 bit AMD Athlon 64 X2 Firefox 17.0.6 ESR The weakest link of a computer system is always sitting in front of the monitor. |
||||||||
|
|||||||||
| oldyorkie | RE: Insecure browser | ||||||||
|
|
5th Aug, 2009 21:29 | ||||||||
| Score: 6 Posts: 32 User Since: 7th Aug 2008 System Score: 100% Location: UK |
on 5th Aug, 2009 21:21, wr wrote: Good to hear from you oldyorkie & good to know "we" finally got @ least one secure browser-hopefully it'll stay that way for awhile. Regards, wr LOL. Fingers crossed! Take Care oldyorkie -- HP dv7 3.00GB RAM Win 7 Home Premium 64 bit AMD Phenom P820 II Triple Core IE 9 |
||||||||
|
|||||||||
