FireFox - IE Exploit Heads up - Mozilla

This is a discussion on FireFox - IE Exploit Heads up - Mozilla ; Sailfish wrote: >>> Surfing the net without Javascript is like surfing Santa Cruz in the >>> winter without a wet suit. Sure, it can be done but ... it kinda >>> takes a lot of fun out of it :_) ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 34 of 34

Thread: FireFox - IE Exploit Heads up

  1. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    >>> Surfing the net without Javascript is like surfing Santa Cruz in the
    >>> winter without a wet suit. Sure, it can be done but ... it kinda
    >>> takes a lot of fun out of it :_)
    >>>

    >>
    >> Surely you didn't notice that what NoScript really allows is to deny
    >> Javascript by default on all sites and let you enable permanently or
    >> temporarily the ones you trust individually with just two mouse
    >> clicks. Once you make yourself a respectable white-list you can even
    >> backup it and import on other computers.

    >
    > Sure, but that's more work on my part. Using the same analogy, it like
    > going winter surfing with a wet suit but one size too small.
    >


    Oh come on!!! you make a thousand more clicks in a single browsing
    session than the amount you need to enable JavaScript on all the sites
    you visit regularly. And you only need to do that *once*. Reasons are
    reasons, but exaggerations are a whole different thing.

  2. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > Terry R. wrote:
    >> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>
    >>> James wrote:
    >>>> squaredancer wrote:
    >>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>
    >>>>>> And
    >>>>>>
    >>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>
    >>>>>> Lovely......
    >>>>>>
    >>>>>>
    >>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>
    >>>>> reg
    >>>> An interesting thread but with limited meaning to readers not familiar
    >>>> with those links and if they are likely to cause problems by going to
    >>>> them or if they are valid information links that are safe to visit. An
    >>>> explanation would be helpful to readers not familiar with those
    >>>> particular links.
    >>>>
    >>> I disagree. I found the links very useful and explanatory.
    >>>
    >>> I mean, if you can't trust .gov who can you trust? :_)
    >>>

    >>
    >> And another good reason that everyone should be using NoScript.
    >>

    > Surfing the net without Javascript is like surfing Santa Cruz in the
    > winter without a wet suit. Sure, it can be done but ... it kinda takes a
    > lot of fun out of it :_)
    >

    More like taking the seats out of the car and driving around sitting on
    stone benches. Not very comfortable, and looks rather bad.


    --
    Ron Hunter rphunter@charter.net

  3. Re: FireFox - IE Exploit Heads up

    Andrés M. wrote:
    > Sailfish wrote:
    >>>> Surfing the net without Javascript is like surfing Santa Cruz in the
    >>>> winter without a wet suit. Sure, it can be done but ... it kinda
    >>>> takes a lot of fun out of it :_)
    >>>>
    >>>
    >>> Surely you didn't notice that what NoScript really allows is to deny
    >>> Javascript by default on all sites and let you enable permanently or
    >>> temporarily the ones you trust individually with just two mouse
    >>> clicks. Once you make yourself a respectable white-list you can even
    >>> backup it and import on other computers.

    >>
    >> Sure, but that's more work on my part. Using the same analogy, it like
    >> going winter surfing with a wet suit but one size too small.
    >>

    >
    > Oh come on!!! you make a thousand more clicks in a single browsing
    > session than the amount you need to enable JavaScript on all the sites
    > you visit regularly. And you only need to do that *once*. Reasons are
    > reasons, but exaggerations are a whole different thing.


    it's rather like setting up a firewall. Aggravating in the beginning,
    but nice in the end.
    A lot of sites have javascript functions so integrated into the site
    operation that running with it off is going to be a 'next to impossible'
    thing on those sites.


    --
    Ron Hunter rphunter@charter.net

  4. Re: FireFox - IE Exploit Heads up

    John Thompson wrote:
    > On 2007-07-12, Sailfish wrote:
    >
    >> Andrés M. wrote:
    >>> Surely you didn't notice that what NoScript really allows is to deny
    >>> Javascript by default on all sites and let you enable permanently or
    >>> temporarily the ones you trust individually with just two mouse clicks.
    >>> Once you make yourself a respectable white-list you can even backup it
    >>> and import on other computers.

    >
    >> Sure, but that's more work on my part. Using the same analogy, it like
    >> going winter surfing with a wet suit but one size too small.

    >
    > A mouse click is too much effort for you? Sorry, but that's
    > just pathetic. You'd rather leave yourself vulnerable to drive-by
    > exploits rather than exerting yourself with a couple mouse clicks to
    > build a whitelist of trusted sites. There's the reason why the internet
    > so so full of malware and other crap.
    >

    It's more than just a "mouse click", it's a whole other
    blacklist/whitelist management process I need to get regimented to. How
    does one decide whether they "trust" a site? Well, they need to either
    try to google it for abuse or let it rip and blacklist it latter. This
    on top of the browser XPI installation blacklist/whitelist and mailnews
    blacklist/whitelist.

    So, what's a body to do? Well, for one, rather than complicate my
    browser experience with one more tedious tool, I say to myself,
    Self, since the early 90s how many times have I been hit with malware?

    Zero, you say, why is that do you suppose?

    Because I'm/you're careful not to lurk around pr0n and other
    questionable sites, I believe.

    Got it, thanks!

    Oh, you're quite welcome. Ta ta for now.


    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  5. Re: FireFox - IE Exploit Heads up

    Andrés M. wrote:
    > Sailfish wrote:
    >>>> Surfing the net without Javascript is like surfing Santa Cruz in the
    >>>> winter without a wet suit. Sure, it can be done but ... it kinda
    >>>> takes a lot of fun out of it :_)
    >>>>
    >>>
    >>> Surely you didn't notice that what NoScript really allows is to deny
    >>> Javascript by default on all sites and let you enable permanently or
    >>> temporarily the ones you trust individually with just two mouse
    >>> clicks. Once you make yourself a respectable white-list you can even
    >>> backup it and import on other computers.

    >>
    >> Sure, but that's more work on my part. Using the same analogy, it like
    >> going winter surfing with a wet suit but one size too small.
    >>

    >
    > Oh come on!!! you make a thousand more clicks in a single browsing
    > session than the amount you need to enable JavaScript on all the sites
    > you visit regularly. And you only need to do that *once*. Reasons are
    > reasons, but exaggerations are a whole different thing.


    I'm being quite reasonable, base on my own experience. In fact, I think
    people who feel the need to use NoScript are being overly cautious or,
    maybe not, depending on their surfing habits?

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  6. Re: FireFox - IE Exploit Heads up

    John Thompson wrote:
    > On 2007-07-12, stephen.novell@gmail.com wrote:
    >
    >> http://isc.sans.org/diary.html?storyid=3121
    >>
    >> And
    >>
    >> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>
    >> Lovely......

    >
    > Do note that this only applies to Windows users who have both IE and
    > Firefox installed, and are using IE as their browser, and don't have
    > NoScript installed.
    >
    > If you're not using Windows, or not using IE as your primary browser, or
    > have NoScript installed -- no worries.
    >

    While I don't know for sure, my guess is that the IE-Tab extension may
    open a door here, no?

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  7. Re: FireFox - IE Exploit Heads up

    Ron Hunter wrote:
    > Sailfish wrote:
    >> Terry R. wrote:
    >>> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>>
    >>>> James wrote:
    >>>>> squaredancer wrote:
    >>>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>>
    >>>>>>> And
    >>>>>>>
    >>>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>>
    >>>>>>> Lovely......
    >>>>>>>
    >>>>>>>
    >>>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>>
    >>>>>> reg
    >>>>> An interesting thread but with limited meaning to readers not familiar
    >>>>> with those links and if they are likely to cause problems by going to
    >>>>> them or if they are valid information links that are safe to
    >>>>> visit. An
    >>>>> explanation would be helpful to readers not familiar with those
    >>>>> particular links.
    >>>>>
    >>>> I disagree. I found the links very useful and explanatory.
    >>>>
    >>>> I mean, if you can't trust .gov who can you trust? :_)
    >>>>
    >>>
    >>> And another good reason that everyone should be using NoScript.
    >>>

    >> Surfing the net without Javascript is like surfing Santa Cruz in the
    >> winter without a wet suit. Sure, it can be done but ... it kinda takes
    >> a lot of fun out of it :_)
    >>

    > More like taking the seats out of the car and driving around sitting on
    > stone benches. Not very comfortable, and looks rather bad.
    >

    Hey, there's no reason to get personal in this discussion. And just how
    the hell did you know how I customized my first car??? :-)

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  8. Re: FireFox - IE Exploit Heads up

    On 13.07.2007 05:51, CET - what odd quirk of fate caused John Thompson
    to generate the following:? :
    > On 2007-07-12, Sailfish wrote:
    >
    >
    >> Andrés M. wrote:
    >>
    >>> Surely you didn't notice that what NoScript really allows is to deny
    >>> Javascript by default on all sites and let you enable permanently or
    >>> temporarily the ones you trust individually with just two mouse clicks.
    >>> Once you make yourself a respectable white-list you can even backup it
    >>> and import on other computers.
    >>>

    >
    >
    >> Sure, but that's more work on my part. Using the same analogy, it like
    >> going winter surfing with a wet suit but one size too small.
    >>

    >
    > A mouse click is too much effort for you? Sorry, but that's
    > just pathetic. You'd rather leave yourself vulnerable to drive-by
    > exploits rather than exerting yourself with a couple mouse clicks to
    > build a whitelist of trusted sites. There's the reason why the internet
    > so so full of malware and other crap.
    >
    > Jeez...
    >
    >

    John, I must say that you have absolutely *NO SENSE* of adventure. Man,
    eh! It's only a computer!

    reg

  9. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > John Thompson wrote:
    >> On 2007-07-12, Sailfish wrote:
    >>
    >>> Andrés M. wrote:
    >>>> Surely you didn't notice that what NoScript really allows is to deny
    >>>> Javascript by default on all sites and let you enable permanently or
    >>>> temporarily the ones you trust individually with just two mouse
    >>>> clicks. Once you make yourself a respectable white-list you can even
    >>>> backup it and import on other computers.

    >>
    >>> Sure, but that's more work on my part. Using the same analogy, it
    >>> like going winter surfing with a wet suit but one size too small.

    >>
    >> A mouse click is too much effort for you? Sorry, but that's just
    >> pathetic. You'd rather leave yourself vulnerable to drive-by exploits
    >> rather than exerting yourself with a couple mouse clicks to build a
    >> whitelist of trusted sites. There's the reason why the internet so so
    >> full of malware and other crap.
    >>

    > It's more than just a "mouse click", it's a whole other
    > blacklist/whitelist management process I need to get regimented to. How
    > does one decide whether they "trust" a site? Well, they need to either
    > try to google it for abuse or let it rip and blacklist it latter. This
    > on top of the browser XPI installation blacklist/whitelist and mailnews
    > blacklist/whitelist.
    >
    > So, what's a body to do? Well, for one, rather than complicate my
    > browser experience with one more tedious tool, I say to myself,
    > Self, since the early 90s how many times have I been hit with malware?
    >
    > Zero, you say, why is that do you suppose?
    >
    > Because I'm/you're careful not to lurk around pr0n and other
    > questionable sites, I believe.
    >
    > Got it, thanks!
    >
    > Oh, you're quite welcome. Ta ta for now.
    >

    >

    To steal a quote from the Harry Potter books, CONSTANT VIGILANCE!
    Practicing safe hex is the most effective way to guard against
    malware/worms/trojans/rootkits, etc.


    --
    Ron Hunter rphunter@charter.net

  10. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > John Thompson wrote:
    >> On 2007-07-12, stephen.novell@gmail.com wrote:
    >>
    >>> http://isc.sans.org/diary.html?storyid=3121
    >>>
    >>> And
    >>>
    >>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>
    >>> Lovely......

    >>
    >> Do note that this only applies to Windows users who have both IE and
    >> Firefox installed, and are using IE as their browser, and don't have
    >> NoScript installed.
    >>
    >> If you're not using Windows, or not using IE as your primary browser,
    >> or have NoScript installed -- no worries.
    >>

    > While I don't know for sure, my guess is that the IE-Tab extension may
    > open a door here, no?
    >

    IE Tab is basically the same as running IE, but you don't have to put up
    with the IE user-interface. It is subject to all other potential
    problems as running the whole application, so care is indicated.


    --
    Ron Hunter rphunter@charter.net

  11. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > Ron Hunter wrote:
    >> Sailfish wrote:
    >>> Terry R. wrote:
    >>>> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>>>
    >>>>> James wrote:
    >>>>>> squaredancer wrote:
    >>>>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>>>
    >>>>>>>> And
    >>>>>>>>
    >>>>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>>>
    >>>>>>>> Lovely......
    >>>>>>>>
    >>>>>>>>
    >>>>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>>>
    >>>>>>> reg
    >>>>>> An interesting thread but with limited meaning to readers not
    >>>>>> familiar
    >>>>>> with those links and if they are likely to cause problems by going to
    >>>>>> them or if they are valid information links that are safe to
    >>>>>> visit. An
    >>>>>> explanation would be helpful to readers not familiar with those
    >>>>>> particular links.
    >>>>>>
    >>>>> I disagree. I found the links very useful and explanatory.
    >>>>>
    >>>>> I mean, if you can't trust .gov who can you trust? :_)
    >>>>>
    >>>>
    >>>> And another good reason that everyone should be using NoScript.
    >>>>
    >>> Surfing the net without Javascript is like surfing Santa Cruz in the
    >>> winter without a wet suit. Sure, it can be done but ... it kinda
    >>> takes a lot of fun out of it :_)
    >>>

    >> More like taking the seats out of the car and driving around sitting
    >> on stone benches. Not very comfortable, and looks rather bad.
    >>

    > Hey, there's no reason to get personal in this discussion. And just how
    > the hell did you know how I customized my first car??? :-)
    >

    Just a good guess... Grin.
    Hope you didn't make any long trips...


    --
    Ron Hunter rphunter@charter.net

  12. Re: FireFox - IE Exploit Heads up

    Ron Hunter wrote:
    > Sailfish wrote:
    >> Ron Hunter wrote:
    >>> Sailfish wrote:
    >>>> Terry R. wrote:
    >>>>> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>>>>
    >>>>>> James wrote:
    >>>>>>> squaredancer wrote:
    >>>>>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>>>>
    >>>>>>>>> And
    >>>>>>>>>
    >>>>>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>>>>
    >>>>>>>>> Lovely......
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>>>>
    >>>>>>>> reg
    >>>>>>> An interesting thread but with limited meaning to readers not
    >>>>>>> familiar
    >>>>>>> with those links and if they are likely to cause problems by
    >>>>>>> going to
    >>>>>>> them or if they are valid information links that are safe to
    >>>>>>> visit. An
    >>>>>>> explanation would be helpful to readers not familiar with those
    >>>>>>> particular links.
    >>>>>>>
    >>>>>> I disagree. I found the links very useful and explanatory.
    >>>>>>
    >>>>>> I mean, if you can't trust .gov who can you trust? :_)
    >>>>>>
    >>>>>
    >>>>> And another good reason that everyone should be using NoScript.
    >>>>>
    >>>> Surfing the net without Javascript is like surfing Santa Cruz in the
    >>>> winter without a wet suit. Sure, it can be done but ... it kinda
    >>>> takes a lot of fun out of it :_)
    >>>>
    >>> More like taking the seats out of the car and driving around sitting
    >>> on stone benches. Not very comfortable, and looks rather bad.
    >>>

    >> Hey, there's no reason to get personal in this discussion. And just
    >> how the hell did you know how I customized my first car??? :-)
    >>

    > Just a good guess... Grin.
    > Hope you didn't make any long trips...
    >

    It wasn't too bad until I cut holes in the floorboards to replace
    horsepower with footpower.

    Egads, having Barney Rubble rattle on about some breakfast cereal did
    get tiring after a bit.

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  13. Re: FireFox - IE Exploit Heads up

    Ron Hunter wrote:
    > Sailfish wrote:
    >> John Thompson wrote:
    >>> On 2007-07-12, stephen.novell@gmail.com
    >>> wrote:
    >>>
    >>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>
    >>>> And
    >>>>
    >>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>
    >>>> Lovely......
    >>>
    >>> Do note that this only applies to Windows users who have both IE and
    >>> Firefox installed, and are using IE as their browser, and don't have
    >>> NoScript installed.
    >>>
    >>> If you're not using Windows, or not using IE as your primary browser,
    >>> or have NoScript installed -- no worries.
    >>>

    >> While I don't know for sure, my guess is that the IE-Tab extension may
    >> open a door here, no?
    >>

    > IE Tab is basically the same as running IE, but you don't have to put up
    > with the IE user-interface. It is subject to all other potential
    > problems as running the whole application, so care is indicated.
    >

    Yep, that'd be my guess, i.e., it's not just having IE as the default
    browser but having it running at all that opens one to this exposure.

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  14. Re: FireFox - IE Exploit Heads up


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2