Forum Thread: Reported vulnerability Firefox and Chrome6/17/11

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
puget1 Reported vulnerability Firefox and Chrome6/17/11
Member 18th Jun, 2011 19:42
Ranking: 0
Posts: 551
User Since: 21st Dec, 2007
System Score: N/A
Location: US
Last edited on 18th Jun, 2011 21:09

Advised of reported vulnerability in Firefox and Chrome via News service (my time 6-17-11 @ 1800 hrs NW-US) of severe hacking allowing complete take over of the two browsers. I.E. and other browsers safe. Firefox will be corrected in following week. That is all I have. Possibly linked to Adobe flash player advisory in Secunia? Anyone having more knowledge please advise. Thanks

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom

Post "RE: Reported vulnerability Firefox and Chrome6/17/11" has been selected as an answer.
Anthony Wells RE: Reported vulnerability Firefox and Chrome6/17/11
Expert Contributor 18th Jun, 2011 21:36
Score: 2369
Posts: 3,279
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 18th Jun, 2011 21:38
Hi puget1,

The only thing Secunia has is this SA for Firefox 4.0.1 :-

http://secunia.com/advisories/44972/

and Mozilla are showing a critical problem as patched in 4.0.1 in their Advisories :-

http://www.mozilla.org/security/known-vulnerabilit...

SANS Storm Centre shows green.

Keep us posted if you come up with anything different; will check back later after watching Rory Mc in his 3rd round at the CCC.

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Maurice Joyce RE: Reported vulnerability Firefox and Chrome6/17/11
Handling Contributor 18th Jun, 2011 23:45
Score: 11295
Posts: 8,716
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I think this is what it is all about:

http://www.contextis.co.uk/resources/blog/webgl2/

As Secunia advise U should switch off WebGL.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
puget1 RE: Reported vulnerability Firefox and Chrome6/17/11
Member 19th Jun, 2011 01:21
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Thank you, senior contributors. The links must be it, from both of you. Now, in the "NoScript" add-on, there is under embeddings a check box "Forbid Web GL". Does this cover it, and would you be protected? If so then I can breathe. Hope this helps others.

Maurice Joyce RE: Reported vulnerability Firefox and Chrome6/17/11
Handling Contributor 19th Jun, 2011 02:08
Score: 11295
Posts: 8,716
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 19th Jun, 2011 02:29
I do not use either Firefox or Google/Doubleclick so have not checked it all in great detail.

Looks like Secunia are advising to switch it off as a workaround.

Did U check the Contextis FAQ here:

http://www.contextis.co.uk/resources/blog/webgl/fa...

Edit: Looks like Firefox version 5 is now out of BETA & they have been tinkering with this problem. Might be worth an upgrade to RTM & full PSI scan to see what happens.



Anthony Wells RE: Reported vulnerability Firefox and Chrome6/17/11
Expert Contributor 19th Jun, 2011 02:30
Score: 2369
Posts: 3,279
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 19th Jun, 2011 02:37
Hello again,

Rory is safe in the clubhouse and I'm off to bed :))

This Mozilla website (noted in the SA) tells you how to disable WebGL in Ff 4.0.1 :-

http://blog.mozilla.com/security/2011/06/16/webgl-...

I do not use NoScript so I cannot speak for it, but it sounds like a possible approach; the Mozilla workaround would be more specific. I'm running my browsers in Sandboxie (even if Chrome is already boxed) as a base precaution. Might have a different thought by tomorrow, but the SA only classes it as a CAT 1 so I'll not lose any sleep over it!!

Sleep well :))

Anthony

PS: the FAQ from Maurice's link gives full details and pictures for disabling in both Ff and Chrome.

puget1 RE: Reported vulnerability Firefox and Chrome6/17/11
Member 19th Jun, 2011 02:54
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Thank you Maurice and Anthony, that is definitely the solution and that is the vulnerability as indicated in the news report.


This thread has been marked as locked.

