Mozilla Admits Firefox Exploit Caused by Firefox Bug, Not IE
By Scott M. Fulton, III | Published July 24, 2007, 5:53 PM
On July 10, engineers at Secunia issued a security advisory, rated "Highly Critical," warning Firefox users that their browser could be tricked into executing arbitrary JavaScript code. Soon afterward, Mozilla developers issued a statement saying the problem was caused by Internet Explorer, which could trick Firefox into executing that code. This morning, Mozilla security chief Window Snyder had to issue a retraction, stating Firefox could just as easily trick Firefox into doing the same thing.
The problem was first discovered by security engineer Thor Larholm, who gained recognition last month for having discovered a security hole in Apple's Safari for Windows pre-release two hours after having first obtained it. This time, Larholm reported his discovery as an "Internet Explorer 0day Exploit," by virtue of the fact that IE was the attack vector he originally discovered.
Specifically, the problem concerns the fact that Firefox registers the firefoxurl:// resource identifier, whose handler is capable of running JavaScript code intentionally embedded in a URI that uses that identifier. On the day Secunia publicly reported Larholm's discovery, Mozilla took steps to allay users' fears, posting on its security blog, "It is important to note that if you are using Firefox to browse the web you *are not* vulnerable to this attack."
Later that day, information security expert Jesper Johansson wrote that although he could not get Larholm's exploit to behave exactly as he described, he could eliminate any possibility of the exploit altogether simply by unregistering Mozilla's own handlers from the command line. The direct implication there was that Firefox was not vulnerable because Firefox was responsible.
Meanwhile, Mozilla's security blog repeated a Microsoft spokesperson's comment that it would not be issuing a patch for the exploit.
On July 18, Mozilla released Firefox 2.0.0.5, ostensibly to manage the problem of Firefox receiving maliciously crafted URIs from IE. On her security blog that day, Mozilla's Snyder commented, "This patch for Firefox prevents Firefox from accepting bad data from Internet Explorer. It does not fix the critical vulnerability in Internet Explorer. Microsoft needs to patch Internet Explorer, but at last check, they were not planning to."
That comment prompted Johansson - a former security program manager at Microsoft - to issue this retort two days later: "Well Window, those who sit in a glass house should not be throwing stones." He then demonstrated that Firefox might not be susceptible to this problem at all if it followed the standard for URIs, which mandates that quotation marks - a critical character in JavaScript code, especially to demarcate filenames - must be filtered out.
"Following Mozilla's, and Thor Larholm's logic," Johansson wrote, "Firefox is subject to the exact same flaw that they blame on IE! Firefox also does not escape quotes in URLs before it passes them on to protocol handlers. I won't speculate here on why they failed to fix that 'flaw' in the new version of Firefox that was just released."
This morning, Snyder was forced to concede the point. "We thought this was just a problem with IE," she wrote. "It turns out, it is a problem with Firefox as well. We should have caught this scenario when we fixed the related problem in 2.0.0.5. We believe that defense in depth is the best way to protect people, so we're investigating it now."
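The quoting issue Johansson describes, as an added example that is not code from the article, Mozilla or Microsoft: it shows how an unescaped quotation mark in a URI changes the argument list a protocol handler receives, and how percent-encoding before the hand-off keeps the URI a single argument. The handler string, the exampleurl:// scheme and the sample URI are constructed for illustration, and shlex only approximates how a real operating system splits a command line.

```python
import re
import shlex
from urllib.parse import quote

# Hypothetical handler registration: the caller replaces %1 with the URI.
HANDLER_TEMPLATE = '"browser.exe" -url "%1"'

# Characters RFC 3986 allows in a URI: unreserved, reserved, and "%" for escapes.
URI_LEGAL = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")

# Constructed sample: a quotation mark ends the quoted URI argument early.
SAMPLE_URI = 'exampleurl://host/page" -extra-flag "value'


def escape_uri(uri):
    """Caller-side fix: percent-encode everything that is not legal in a URI."""
    return quote(uri, safe=":/?#[]@!$&'()*+,;=%")


def is_wellformed(uri):
    """Receiver-side check: refuse URIs containing characters a URI may not carry."""
    return bool(URI_LEGAL.match(uri))


def handler_argv(uri):
    """Build the command line the way a naive caller would, then split it."""
    cmdline = HANDLER_TEMPLATE.replace("%1", uri)
    return shlex.split(cmdline)


if __name__ == "__main__":
    print("raw URI     ->", handler_argv(SAMPLE_URI))
    print("escaped URI ->", handler_argv(escape_uri(SAMPLE_URI)))
    print("raw URI well-formed?    ", is_wellformed(SAMPLE_URI))
    print("escaped URI well-formed?", is_wellformed(escape_uri(SAMPLE_URI)))
```

Either side can close the gap: the caller by escaping before substitution, the receiver by rejecting input that is not a well-formed URI.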
Last night, my wife was running Firefox 2.0.0.5 which I recently installed and received a message in Swedish with a Firefox logo that, because of visiting certain sites, she was in danger of "having her career and personal life ruined, credit card info exposed" etc. and that she should click on ok to run some sort of cleanup. (Exact message, she doesn't remember). She simply closed Firefox and rebooted the computer.
We non-experts would greatly appreciate information and tips about this incident - it was a threatening message and scared her!
Sorry I don't have more exact info; any help appreciated!
- Laurence
-elare14@yahoo.com
Score: 0
|The headline and conclusion of this news post is incorrect. There are two issues here: one in IE which could affect Firefox or other apps, and one in Firefox which could affect other apps.
It's possible for a website to use a URL which will cause Internet Explorer to launch a program with unsafe arguments, allowing for remote code execution. That problem still exists in Internet Explorer. Mozilla made sure that Firefox wouldn't get any of those unsafe arguments, but other programs like Trillian are still vulnerable to the IE bug.
It was then discovered that a similar issue also exists in Firefox: a website could use a URL to get Firefox to launch a program with unsafe arguments.
So right now, both Firefox and Internet Explorer have the same URL handling bug. Mozilla fixed Firefox so it can't be affected by IE's bug, and Mozilla also plans to fix Firefox's own bug. Microsoft, on the other hand, is currently plugging its ears and acting like there's no problem.
To my knowledge, the bug has not yet been found in Opera or Safari, but I wouldn't be surprised if it suddenly came up. It wouldn't be the first time this sort of vulnerability was found in all major browsers.
Score: 0
|Most comment readers are just looking to flame or looking to counterflame, so no use me posting anything here (OH NO! I just did...)
Score: 0
|Opera RULES
Score: 0
|They need to get Firefox 3 released and stop fritzing around with version 2. As for Opera, it still has serious rendering problems. The entire browser debate has become very boring.
Score: 0
|I use 3, the same problem exists.
Score: 0
|What rendering issues are those then? It's one of the few browsers to actually pass the Acid2 test, and the upcoming 9.5 passes 100% of the CSS3 tests..
http://storage9.myopera....huibk/files/opera95.png
If you want to pick faults, let's talk about Firefox's horrendous security track record, or its documented unfixable memory leaks..
Score: 0
|Just use Opera, even hackers admit, it's the most secure way to be online.. Anyone with any sense will have seen the pattern, plenty of issues affecting Firefox and IE, very few ever affect Opera.
http://www.securityfocus.com/news/11476/1
(page 2)
"Anything else you'd like to add?
I would advise you to use the Opera browser with scripts and plug-ins disabled in order not to be caught by the MPack someday."
Score: 0
|I'd use opera, but then I couldn't block certain things I can with Firefox. I know it's possible in opera, but it's a real hassle. Blocking certain things in ff is why I started using it in the first place. I "took back" the web, so to speak.
I do use opera on my mobile. Ironically it's more bloated than pocket IE. But it's faster in pageviews and has better features.
Score: 0
|??? Since when has a 114Kb web browser been bloated?
My Opera 4 Beta is showing as being 114Kb in size!!
Score: 0
|When I start it it takes about 10-15 seconds to start.
Score: 0
|So it must be Opera's fault and not other conflicting software, right?
Just a thought...I could be wrong. For the record I don't use Opera either.
Score: 0
|Piece of living s***, you are talking of Opera MINI 4 beta, for cellphones. Get your astonishing ignorance elsewhere or don't try to confuse other people.
Score: 0
|Yeah, it is opera's fault, when it's the slowest software on my phone.
Look, stop trying to defend it. I know it's fast on a PC. I know it can't do what I want on it easily, either.
It's slow on a pocketpc, there ain't nothing more to do about that either.
Score: 0
|"I do use opera on my mobile. Ironically it's more bloated than pocket IE."
Score: 0
|It was a followup to a post about mobile browsers, you idiot.
Score: 0
|And the beat goes on.
Score: 0
|Please, MS will never admit to screwing up. At least the fine folks at Mozilla will! Okay, everyone messes up once in awhile. I think the Firefox folks have a long way to go to match the complete ****-up that IE is!
Score: 0
|troll #1
Score: 0
|Webster defines an idiot as a person affected with idiocy, or a foolish or stupid person.
Wikipedia - meaning an "uneducated or ignorant person."
Thank god, I was able to add your picture to further help others understand the concept. To even further illustrate, Snyder's picture should be right next to yours. I am sure she might have something to say, but she will have to take her foot out of her mouth first.
Score: 0
|retardo-(tempus3) the problem isn't ie, it is ff. they allow a different URI structure which causes the problem, This is why MS isn't releasing a patch.
Read the article again. obviously you are commenting without reading the article in full.
Ineptitude will always precede ignorance.
Score: 0
|Personal attacks? Well, you revealed your own insecurities. I was making the point that MS never makes a mistake (at least in their own eyes). I did indicate that Mozilla admitted that the error was theirs (you might try reading my post again) and gave them credit for that.
Score: 0
|Wow you are retarded. If your point was to say "MS never makes a mistake (at least in their own eyes)." or admits to them, then what do you call their patch Tuesdays? They admit security problems every time a patch comes out.
Score: 0
|so because instead of wasting time and effort telling everyone there is a new bug, they just make a patch and release it, that means they don't admit to any wrongs?
Score: 0
|This is why I don't use web browsers. At the moment, I am jacked directly into the matrix.
Score: 0
|Yeah, you just wait till someone buffer-overflows your brain.
Score: 0
|Great, Microsoft is no longer the only company that is in denial about security issues.
As long as they fix it and deliver the browser I continue to love...And get it done without wasting my precious browsing time having to fix this.
Score: 0
|Great, Microsoft is no longer the only company that is in denial about security issues.
Mozilla Admits Firefox Exploit Caused by Firefox Bug, Not IE
Please explain how you came to that conclusion.
Score: 0
|It pains me to say it, but I agree with PC_Tool. How are they in denial when they admitted to it!!
Score: 0
|It was the arrogance implied by their initial blaming of IE - it smacked a little of Apple smuggery, and I'm a Firefox-lover. The retraction was good, however, and free from spin.
Score: 0
|so because they may or may not have honestly thought it was an ie problem they are to blame for a wrongful analysis of the problem? engineers and programmers make mistakes you know.
Score: 0