Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Anthony: FF web gl vulnerability?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
puget1 Anthony: FF web gl vulnerability?
Member 21st Jun, 2011 19:01
Ranking: 0
Posts: 551
User Since: 21st Dec, 2007
System Score: N/A
Location: US
Last edited on 21st Jun, 2011 19:23

Anthony

Did about config to disable web gl and secure from vulnerability. Now I can no longer use FF for forum. Try to navigate and all I get is sent back to profile page. This occured in both FF4.0.1 and 5.0. Able to access forum via IE. So, is web gl a part of Secunia config or needed? Secondly ,if using sandboxie can forum be access when enabled?

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom













Post "RE: Anthony: FF web gl vulnerability?" has been selected as an answer.
Anthony Wells RE: Anthony: FF web gl vulnerability?
Expert Contributor 21st Jun, 2011 20:50
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi puget 1 ,

Firefox is still (more or less) Beta but the RTM will be the WebGL patch as I read things ; it it not showing in 4.0.1 updates as of this moment . You could try 5 without disabling the WebGL (if you are brave) and see if you get to the Forum .

Bit busy atm , so cannot speak about access to the Forum and Secunia requirements . Sandboxie does not stop me entering the Forum in either Ff or Chrome but I have not had time to check whether it woukl be effective against the exploit ; the problem being that the bad guy in the box can still read your HDD even if he cannot get onto it . You would need to ask Tzuk on the Sandboxie Forum ; he knows everything !!

Gotta go , let us know what you can find .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Anthony Wells RE: Anthony: FF web gl vulnerability?
Expert Contributor 21st Jun, 2011 23:49
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again puget 1 ,

Ff 5.0 is now full release and my 4.0.1 ran it's internal update .

The release notes indicate that there are security fixes and two refer to WebGL , so it looks as if the vulnerability has been patched , at least in part and probably in full .

The advisory says it is unpatched in 4.0 and suggests the solution as an upgrade to 5.0 . :-

http://secunia.com/advisories/44972/

The PSI detection rules are not yet updated so Ff has disappeared from the display .

How are you getting along ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Anthony Wells RE: Anthony: FF web gl vulnerability?
Expert Contributor 21st Jun, 2011 23:55
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Jun, 2011 23:58
Hello again puget 1 ,

This is a supposed "EDIT" to my last reply which adds the Mozilla link ; instead you get a whole repost full ?!

Ff 5.0 is now full release and my 4.0.1 ran it's internal update .

The release notes indicate that there are security fixes and two refer to WebGL , so it looks as if the vulnerability has been patched , at least in part and probably in full :-

http://www.mozilla.org/security/announce/

The advisory says it is unpatched in 4.0 and suggests the solution as an upgrade to 5.0 . :-

http://secunia.com/advisories/44972/

The PSI detection rules are not yet updated so Ff has disappeared from the display .

How are you getting along ??

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
bjm__ RE: Anthony: FF web gl vulnerability?
Member 22nd Jun, 2011 00:03
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
on 21st Jun, 2011 19:01, puget1 wrote:
Anthony

Did about config to disable web gl and secure from vulnerability. Now I can no longer use FF for forum. Try to navigate and all I get is sent back to profile page. This occured in both FF4.0.1 and 5.0. Able to access forum via IE. So, is web gl a part of Secunia config or needed? Secondly ,if using sandboxie can forum be access when enabled?


FWIW ~ I disabled WebGL in FF4.0.1 and was/am able to access Secunia Forum via FF 4.0.1 and now via FF5.0
background info re WebGL
http://www.contextis.com/resources/blog/webgl/
http://techtrickz.com/how-to/disable-webgl-in-goog...
Was this reply relevant?
+1
-0
Maurice Joyce RE: Anthony: FF web gl vulnerability?
Handling Contributor 22nd Jun, 2011 00:06
Score: 11744
Posts: 9,001
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@bjm,
As U know I do not use Firefox but have been working on it privately for someone. I think there is a file problem with version 5 hence its none appearance - see my observation here:

http://secunia.com/community/forum/thread/show/990...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
bjm__ RE: Anthony: FF web gl vulnerability?
Member 22nd Jun, 2011 00:12
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
@ puget1
don't know what happened to edit
forgot to write.. I am able to access Secunia Forum with WebGL disabled and with FF5.0 sandboxie'd
Hope this helps
Was this reply relevant?
+1
-0
Anthony Wells RE: Anthony: FF web gl vulnerability?
Expert Contributor 22nd Jun, 2011 00:12
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi all ,

I have replied to threadlinked by Maurice . The full version has the correct .exe file version number .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
puget1 RE: Anthony: FF web gl vulnerability?
Member 22nd Jun, 2011 01:00
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Thank-you all, darn this forum is GREAT!..Wiil start reading up on the links and see where I went wrong. I quess I am in for a little Heidelburg and atleast an hour or two of figureing it out. Thanks again!!!

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom












Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer