Unpatched Firefox 1.5 exploit made public

TalkBack 35 of 200:: Next »; « Previous

Thread View
Flat View

We rolled out the fix 2 hours ago: As a windows system admin, we rolled out a temporary suspension of all history files accross the network an hour ago.

but even with this we have copied all the .dat files, and will have a rollback feature in place later today which will allow us to restore the old .dat file if a corruotion occurs, we will then restore history functionality.

So yes we take it seiously, but its only a minor bug that does not pose a security risk to the network.

A series of backups of the .dat files and restoring these looks fine and should solve the issue. When we finish the testing we will have it rolled out.

Than goodness its a simple open source file. so its easy to fix. If it was a proprietry mail .pst corruption or the like, we could have had a real problem.

Its worth knowing about, but not the "exploit" that the headline proclaims.; Posted by: The_Q Posted on: 12/08/05 You are currently: a Guest | Members login | Terms of Use

Reply to Story No further replies to this post will be accepted.

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Sue the jerk Real World | 12/08/05

What vulnerbilty? voska | 12/08/05

From the story ShadeTree | 12/08/05

than a correct title would be: tombalablomba | 12/08/05

or, more correctly kiz | 12/08/05

Not a vulnerability OhMyGosh | 12/08/05

Re: Not a vulnerability GreyGeek | 12/08/05

Fake vulnerability to hide news about more Windows holes wackoae | 12/08/05

What companies are backing ZDnet? DontFeedTrolls | 12/08/05

Still waiting for Mozilla/Firefox to mention it on their Boot_Agnostic | 12/08/05

Already did - on the 3rd. eventhorizon5 | 12/08/05

No the homepage Boot_Agnostic | 12/08/05

You mean like Microsoft does? Quiet_Type | 12/08/05

So you want FireFox to be like MS Boot_Agnostic | 12/08/05

everything has a place... belkorin | 12/19/05

Shall We Give Them 1 Month Max? lbattis@... | 12/08/05

Re: Sue the jerks GreyGeek | 12/08/05

It's a BUG!!! kiz | 12/08/05

You must have missed ShadeTree | 12/08/05

Presumably? kiz | 12/08/05

And you are just presuming that there is not. ShadeTree | 12/08/05

Kiz is right voska | 12/08/05

Look up could and will in the dictionary jumpa | 12/08/05

Dual vaporware Roger Ramjet | 12/12/05

Not a vulnerability OhMyGosh | 12/08/05

Newsflash buddy toadlife | 12/08/05

Open Source will always have it's bugs/exploits blown out of proportion DontFeedTrolls | 12/08/05

DoS Attack HereInOz | 12/11/05

I hardly call this an exploit voska | 12/08/05

Read the whole story! ShadeTree | 12/08/05

I did, I don't see how that could work voska | 12/08/05

So even though the security firm that found the problem ... ShadeTree | 12/08/05

You're not reading the article now voska | 12/08/05

are we picking nits now? shraven | 12/08/05

We rolled out the fix 2 hours ago The_Q | 12/08/05

Please show me the part ... ShadeTree | 12/08/05

This is a classic attack Still Lynn | 12/08/05

Not a vulnerability OhMyGosh | 12/08/05

It is important to some. bjbrock | 12/08/05

I use Firefox not because it's better voska | 12/08/05

Agreed. Twey | 12/08/05

Opera vs FireFox nevtxjustin@... | 12/08/05

It is important. tinyallen@... | 12/09/05

Bad programing pkrdk | 12/17/05

re: It is important to some belkorin | 12/19/05

Do you work for Microsoft voska? toadlife | 12/08/05

It still has to be fixed. osreinstall | 12/08/05

Good job @$$holes keep it up..... JoeMama_z | 12/08/05

Actions aginst ABM = criminal, yest same agains M$ = flaw? DanielB | 12/08/05

How? techboy_z | 12/08/05

suggestions timeofmind | 12/08/05

Ok...thought that might be it, but... techboy_z | 12/08/05

Thanks, but don't you mean...? sierrarancher | 12/08/05

Incorrect for Firefox 1.5 myrddin@... | 12/08/05

Different OSes mnordhoff | 12/08/05

History copmom | 12/08/05

a small hand tombalablomba | 12/08/05

Use FIREFOX and be done with it!! Oh wait. . . Boot_Agnostic | 12/08/05

Use OPERA and be done with it kiz | 12/08/05

About a week ago.. On this very site (NT) ju1ce | 12/08/05

Opera? gardoglee | 12/08/05

Opera count is probably inaccurate Quiet_Type | 12/08/05

Ya, lets not over react,... Cayble | 12/08/05

Hey, yer stealing my material! Reverend MacFellow | 12/08/05

Stealing, is there even such a thing at Zdnet Boot_Agnostic | 12/08/05

Temporary Fix I'm Ye, the MS SHILL . | 12/08/05

what page you looking at? rogueOne | 12/08/05

"Settings" is a button in "History" kdl | 12/09/05

Thanks! sierrarancher | 12/08/05

How basic of a feature is the history bjbrock | 12/08/05

Exploit? Ha! Slow day in the news room! PVkWatts | 12/08/05

But isn't some person or group publishing exploit code Boot_Agnostic | 12/08/05

No. Fred Fredrickson | 12/08/05

Still, important to report Boot_Agnostic | 12/11/05

Message has been deleted. itanal | 12/08/05

itanal mysticrhythms | 12/08/05

Message has been deleted. itanalyst | 12/08/05

Itanal Is Inarticulate, However ... PMC-CON | 12/08/05

Message has been deleted. itanal | 12/08/05

RE: BWHAHAHHAHA!!! Firefox SUCKS. ski309 | 12/08/05

i agree mozart_z | 12/08/05

Correction DragonlordWarlock | 12/08/05

95% of people use Capital Letters SC-man | 12/09/05

Firefox doesn't suck! copmom | 12/08/05

Too much porn copmom theraven_z | 12/08/05

WHAT?????????? Daymon | 12/08/05

Actually DragonlordWarlock | 12/08/05

Illistration DragonlordWarlock | 12/08/05

Ha! Calm down a little! Cayble | 12/08/05

Classis FUD xyz10_z | 12/09/05

That's irrelevant Linux Geek | 12/08/05

and todbran@... | 12/08/05

Ever seen the T.V. show LOST? Cayble | 12/08/05

MS Software and SPAM Emu-1 | 12/09/05

Tell that to the people who get viruses quantumstate | 12/09/05

firefox wayneburt | 12/08/05

That's easy John L. Ries | 12/08/05

Info from Mozilla eventhorizon5 | 12/08/05

as long as deviants exist..... Hey U | 12/08/05

Evil is platform independent. DanielB | 12/08/05

Big difference between possibilities and trends bpick_z | 12/08/05

Please elaborate toadlife | 12/08/05

Where to begin? bpick_z | 12/08/05

You're unqualified to discuss this subject... ye | 12/08/05

Thanks ye toadlife | 12/08/05

There is a diff between admin and superuser bpick_z | 12/08/05

You nailed me bpick ! toadlife | 12/08/05

Doh! Fixed link toadlife | 12/08/05

There's little difference between the two ye | 12/09/05

bpick your superuser is overrated osreinstall | 12/09/05

What is wrong with Windows security michael_t | 12/08/05

What do you mean? ye | 12/08/05

The biggest thing wrong with Windows security is... toadlife | 12/08/05

The Default Security Setup in Windows is Worse PMC-CON | 12/14/05

Root does not equal Superuser does not equal Admin bpick_z | 12/08/05

lol toadlife | 12/08/05

Ya know... 3D0G | 12/09/05

Your answer wexwimpy@... | 12/13/05

Safari Flaws Will Be Found Soon PMC-CON | 12/08/05

So you agree Apple is far more secure today... bpick_z | 12/08/05

No. ye | 12/08/05

You're right... bpick_z | 12/08/05

How old are you? Nine? Ten? ye | 12/09/05

Re:Safari Flaws and other myths Microsurfers want to believe GreyGeek | 12/08/05

Non sequitur ye | 12/08/05

Doesn't matter tankboy osreinstall | 12/08/05

Lynux may be no Abrams, but Windoze is definitely the Pinto of Security bpick_z | 12/08/05

Not mine. I haven't been infected since DOS 6.22. osreinstall | 12/09/05

It's not called the 'dark side' for nothing. (NT) bpick_z | 12/08/05

Notice it's only a problem in Windoze bpick_z | 12/08/05

Good to know Boot_Agnostic | 12/08/05

haha its why I use jackie40d@... | 12/09/05

What?????????????? darreno1 | 12/10/05

what???? darreno1 | 12/10/05

And they get control of the PC how ?? The_Q | 12/08/05

Oh my EI Flaw and FF not John Zern | 12/08/05

Actually, I am loking for honest reporting The_Q | 12/08/05

Through the power of attorney Boot_Agnostic | 12/08/05

outperform IE and netscape mjadler288@... | 12/08/05

Duh! Daymon | 12/08/05

In what ways? Quiet_Type | 12/08/05

disabling history.dat? joksup | 12/08/05

simple solution 4 now The_Q | 12/08/05

clear cache and history eachtime Firefox is closed PhilippeV | 12/08/05

so it's a bug??? mmckee58 | 12/08/05

You make a valid point The_Q | 12/08/05

Ha Ha Ha! tmartin827@... | 12/08/05

You had me until you said GreyGeek | 12/08/05

Doesn't really sound like a problem. DemonX | 12/08/05

Firefox better than Explorer william.findlay | 12/08/05

This is "tech journalism" that is either made by michael_t | 12/08/05

Yeah but Firefox isn't perfect darreno1 | 12/08/05

Nothing is perfect; but it is impossible to find something michael_t | 12/09/05

To each is own.... darreno1 | 12/10/05

Cross-Domain Security is A Shambles in IE6 PMC-CON | 12/14/05

Several have noticed your observation. GreyGeek | 12/08/05

I have seen this behavior taking place often enough to michael_t | 12/09/05

Unpatched Windows bug made public code_flogger | 12/08/05

So... [text inside] BlazeEagle | 02/02/06

Exploiters are a bad lot Boot_Agnostic | 12/08/05

It seems to me... Anti_Zealot | 12/08/05

Flaws in FireFox bettyanelson@... | 12/08/05

What to do? GreyGeek | 12/08/05

False sense of security darreno1 | 12/08/05

Re: false sense of security GreyGeek | 12/11/05

Yet another sleeper post from you darreno1 | 12/12/05

and I still have 1/100 th the problems del_oioi | 12/08/05

There is an alternative to buggy, insecure browsers... Scrat | 12/09/05

LOL ejhonda | 12/09/05

Lets get back to work VytautasB@... | 12/09/05

I agree tlmalexgro | 12/09/05

Firefox rgourlay@... | 12/09/05

I now have 1.5 jackie40d@... | 12/09/05

Windows XP? Oh COME ON, I thought you were SERIOUS! the_slash | 12/09/05

Linux? oh come on..... darreno1 | 12/10/05

Re:Linux? oh come on... GreyGeek | 12/11/05

Yawn!!! Keep the FUD coming zealot! darreno1 | 12/12/05

Re:Linux? oh come on... GreyGeek | 12/11/05

where is the problem? zclayton2 | 12/09/05

Nope IT Scion | 12/09/05

Identify Theft... robert.jones | 12/09/05

No DoS but still a big issue if.... IT Scion | 12/09/05

This article is bunk. There is NO crashing bjbrock | 12/09/05

Go here for a workaround! osreinstall | 12/09/05

Work around for what???? macaso | 12/09/05

This flaw nails older products too. osreinstall | 12/09/05

Firefox look like my brain ! MAXNet | 12/09/05

Message to the attackers MAXNet | 12/09/05

Has Anyone had a Firefox 1,5 crash ? mikemerch@... | 12/11/05

Yes osreinstall | 12/11/05

The ComputerTerrorism POC Crashes Firefox and IE PMC-CON | 12/14/05

RE History.dat Wonder Twins Power | 12/12/05

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

Unpatched Firefox 1.5 exploit made public

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads