Firefox Exploit Adds Fuel to Browser Security Feud

An anonymous reader writes "Washingtonpost.com is reporting that a fairly nasty exploit has been released for a security hole that Firefox patched just yesterday. This is sure to add fuel to the ongoing heated debate over whether Mozilla is any safer the Internet Explorer." From the article: "This is not your run-of-the-mill proof of concept exploit code. It appears to be quite comprehensive, and would allow any attacker to use it with only slight modifications. According to the advisory, the code is designed to be embedded in a Web site so that anyone computer visiting the evil site with Firefox or Netscape would open up a line of communication with another Internet address of the attacker's choice, effectively letting the bad guys control the victim computer from afar."

Welcome

[Anonymous Coward]

I for one welcome our new Firefox hacking overlords.

Woo! Finally!

[daniil]

Firefox is finally catching up with the market leader! Woo!

Good news!

[Otter]

On the plus side, the exploit is released under the GPL. This just goes to show the superiority of open-source over proprietary exploits!

Also on the plus side, the Washington Post link crashes my IE, so I can't even read the anti-Firefox news. Score another for Mozilla!.

Commence the Microsoft conspiracy theories...

[slashdotnickname]

...because we all know that no self-respecting hacker would attack a friend of open-source such as FireFox. These exploit discoveries are being secretly funded by Microsoft!

Re:Question

[tktk]

Does the Washington Post, or any other mainstream media outlet, publish a story whenever an exploit is released in the wild for Internet Explorer?

No... because it's hideously expensive to print 10lb newspapers every day.

That can only mean one thing ....

[photonic]

Microsoft has stopped working on IE7 and has its PhD's working full-time on writing exploits for known holes...

Re:Exploits as remote administration tool?

[thedustbustr]

Yup. I'm currently purposefully remote administering your machine as we speak.

Screw it...I'm moving to Lynx!

[PenguinBoyDave]

Let's see them attack my text-based browser!

did anyone else notice...

[advocate_one]

that the actual exploit was released under the GPL... this means that anyone who takes it and modifies it has to release their improvements if they then proceed to distribute it... so if anyone does get infected, please get the person you got it from sued by Gnu for failing to make the source code available as well...

Well that tears it!

[dpilot]

I'm going to rip Linux out of all my boxes, install WinXP SP2, and do all of my web surfing on IE with ActiveX enabled, just to be safe!

Why Firefox is still better than IE...

[gsfprez]

I just removed Firefox from this computer and installed Opera. No problem.

I also just tried to remove IE... no luck.

Firefox is still better.

Re:Browser shmouser

[Reglar_Joe]

You talk as if penis enlargement isn't a good thing.

Re:That can only mean one thing ....

[sharkey]

Great! Non-functional malicious code is the best kind of malicious code.

Re:Vunerability counts say nothing.

[Innova]

To get security you have to spend a metric-fuckton of CPU cycles.

How many Volkswagon Beetles does it take to carry a metric-fuckton?

Re:Browser shmouser

[jacksonj04]

You talk as if you need it ;-)

Re:Browser shmouser

[pohl]

Nice link in your sig...so Linus doesn't like slashdot, but he follows it anyway. Doesn't that mean he's just like the rest of us?

Hey, a new game!

[Sialagogue]

I'd like to propose a new game here on Slashdot, called "Six Degrees of Microsoft." The objective is to relate *any* story, from browser exploits, to RFID tags, to new features on Google maps back to some oversight, corruption, or other evil perpetrated by Microsoft.

Understand, I'm not even saying I necessarily disagree with the parent post, I just think that every Slashdot post in the future should have at least one response titled "Six Degrees of Microsoft." Firefox/IE posts are easy, but "GBA SP Updated with Brighter Backlit Screen" might be a bit more of a challenge.

Good luck...

Re:Question

[e2d2]

No... because it's hideously expensive to print 10lb newspapers every day.

Me thinks you've never read the print version of the washington post then.. It really _does_ weigh ten pounds already.

Re:Even without root things can get nasty

[Anonymous Coward]

For some reason a firewall-type program for files (modification, creation and deletion) came to mind. But you'll have to ponder about this for yourself, I'm horny and need some more pr0n now.