Germany Warns Against Using Firefox
jayme0227 writes "Due to the recent exploit in Firefox, Germany has warned against its use. This comes a couple months after Germany advised against using IE. Perhaps we should start taking odds as to which browser will be next." Note: the warning (from the Federal Office for Information Security) is provisional, and should be rendered moot by the release later this month of 3.6.2.
3.6.2 released (Score:5, Informative)
Yup
3.6.2 is out. (Score:2, Informative)
A release that has just happened, in fact... (Score:3, Informative)
Firefox 3.6.2 was released earlier tonight: http://www.mozilla.com/en-US/firefox/3.6.2/releasenotes/ [mozilla.com]
To add some information to the void.. (Score:5, Informative)
The vulnerability *only* affects the current 3.6 branch. Patch is complete and will be pushed on the 30th of March.
Here is the Mozilla blog entry on the topic:
http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608 [mozilla.com]
Here is the original bug report:
http://secunia.com/advisories/38608 [secunia.com]
Ps: can we please get security related articles with some content instead of *OMG, we are all going to die!!* ??
Re:3.6.2 released (Score:5, Informative)
http://www.asciipr0n.com/ [asciipr0n.com]
Re:Responsible reporting (Score:2, Informative)
Yeah... that's actually encouraging, it means they are actually providing meaningful distinctive advice/suggestions, and not merely copy and pasting vendor vulnerability lists and activating pretty 'alert level' colors...
not like the US government, who yanked up what used to be the wonderful somewhat independent [but gov sponsored] organization called 'CERT', absorbed them into the department of homeland security, and turned them into US-CERT a mere vacant shadow of their former selves, just another clearinghouse that lists every bloody little Windows vulnerability the earth has ever known, nothing too interesting, nothing too distinctive or useful anymore.
That is, ever since, CERT's usefulness has plummeted by orders of magnitude, nowadays they typically just parrot all the major commercial vendors' security advisories, even ridiculously minor ones --- I suppose this is great if you are a Windows user, it should convince you to switch, but for the rest of us it sucks.....
CERT has made what, 1 activity incident report based on actual events or compromises, intrusion patterns, intrusion details, or reports on new types of threats since 2001?
Governments don't know what to do about security, I guess... their efforts at 'reporting' just degenerate into vulnerability listing, and other mundane non-intelligence-requiring activity.
Either that or they think it's too dangerous to tell the public what direction attacks/bad guys seem to be heading.
Bah humbug! mod parent TROLL (Score:3, Informative)
mod parent TROLL...
Have you looked at the BSI page and linked mozilla blog page?
The mozilla blog entry was dated March 18th (giving March 30th as the release date for 3.6.2). The BSI advisory was dated March 19th (4 days before the story broke on slashdot; and 4 days before the actual release of 3.6.2).
So, you're saying, it was retaliation by BSI against Firefox, for publishing a release date the firefox crew themselves published the day before?
On March 19th - with the projected release date 11 days away, it seems it was perfectly in order for BSI to recommend use of an alternative for those 11 days:
"the Bürger-CERT recommends the use of alternative browsers until Mozilla Firefox version 3.6.2 is released."
This has nothing to do with fear-mongering - but simply that during a potential danger period, people might want to watch out. Their article clearly stated it only affected 3.6, and their article stated that their advisory is temporary 'until 3.6.2 is released'.
How is that retaliation?
Re:the way to go (Score:3, Informative)
"Security
Fixed
Fixed an issue where the HTTP Content-Length header could be used to execute arbitrary code; see our advisory (http://www.opera.com/support/search/view/948/).
Fixed an issue where XSLT could be used to retrieve random contents of unrelated documents, as discovered by crazypops; see our advisory (http://www.opera.com/support/search/view/949/)."
OH SNAP SON! So much for those skilled contractors and their superior skills.
Re:Free software in action (Score:2, Informative)
Re:And the risk is??? (Score:2, Informative)
A WOFF font is a Web Open Font Format font.
http://hacks.mozilla.org/2009/10/woff/ [mozilla.org]
It's basically an extension of the @font-face rule with its own compression and meta tagging. Please don't tell my designers about it.
Re:Google Chrome. (Score:4, Informative)
> That's true, as long as you turn off Google as the default search, disable cookies
And don't forget about LSO cookies (Flash directory), that do NOT get deleted by FF's cookie deletion on exit. Extra add-on is needed (BetterPrivacy) to do so.
Oh...and MozDevs...please restore the 'Clear History on Exit' window on browser exit. Thanx!
Re:Free software in action (Score:2, Informative)
It is "bloated" in the sense of feeling slow to begin with. XUL and XML based GUI is probably the worst idea ever. If you've ever used Opera, you know just how fast and snappy the UI feels. This is what has always put me off from Firefox - it just doesn't feel good.
Re:Free software in action (Score:2, Informative)
OK: Some facts then (about Opera speed & secur (Score:0, Informative)
See subject-line above, & also, note this report from SECUNIA:
----
Vulnerability Report: Opera 10.x:
http://secunia.com/advisories/product/26745/ [secunia.com]
Unpatched 0% (0 of 5 Secunia advisories)
----
Download Opera 10.51 FINAL RELEASE, here:
http://my.opera.com/desktopteam/blog/ [opera.com]
----
OPERA ALSO SURPASSES FIREFOX IN BROWSING SPEED, at BOTH the javascript processing & HTML processing/parsing speeds levels as well, consistently & for years, no less!
Per latest:
1.) SunSpider tests done here recently -> http://www.pcpro.co.uk/gallery/features/356350/on-test-the-hidden-seven-browsers-in-the-windows-ballot/145087 [pcpro.co.uk]
2.) AND IT HAS BEEN "BLOWING AWAY" FIREFOX IN HTML PARSING/PROCESSING SPEEDS AS WELL, & FOR YEARS NOW, per this test years ago -> http://www.howtocreate.co.uk/browserSpeed.html#win [howtocreate.co.uk] and this one too last year also -> http://crave.cnet.co.uk/software/0,39029471,49302491,00.htm [cnet.co.uk]
("Beat that with a stick", as the saying goes!)
APK
P.S.=> Nicest part about Opera is that it originates a LOT of what folks consider cool, as far as browser features, & first (e.g. - tabbed browsing anyone), & it contains features you cannot get in FireFox & IE natively (i.e. - without addons (such as site by site choices of whether to run javascript on a website, or not (javascript IS what gets you people all "hit" by these online attacks, & sites like SECUNIA.COM or SECURITYFOCUS.COM can show anybody that much, easily)))... apk
The BSI is not the Government (Score:1, Informative)
The article implies that Germany (meaning the government) has issued a warning. However, the BSI (Bundesamt für Sicherheit in der Informationstechnik (engl. Federal Agency for Safety and Security in Information Technology)) warned about an issue in Firefox. So the BSI does the same job as CERT, they warn about security issues. It is not that the government made a law or a ruling or any other governmental thing. BTW: The same thing applies to the IE problem. And if there is a problem with Safari or Opera or Lynx or Telnet or any other browser you can think of then they will warn about it.
As Firefox is the most used browser in Germany, it is really important that the BSI warns people about any issue.
(I apologize for any inconvenience due to misuse of prepositions and articles in this post)
Re:First (Score:3, Informative)
https://www.bsi.bund.de/ContentBSI/Presse/Pressearchiv/Kurzmit2008/090908chrome_htm.html [bsi.bund.de]
And they also recommended against Opera 10.50:
http://www.buerger-cert.de/newsletter_suche.aspx?param=HGf116Hsnmjdg%2B95Lx4xLVfgHeBWpfgcdyqiMrbjzdH9yQ4jIcV6TY4STnzgjITQ%2BhD3uF8Dgn3F1%2BDy1Synkw%253d%253d#anchor1 [buerger-cert.de]
So, nothing to see here.
The BSI is not the Government (Score:3, Informative)
Re:governments warn us about exploits (Score:4, Informative)
Unresponsive, with a non-conforming UI, and the installer carries a payload of other apple software.