Firefox suffers 'extremely critical' security hole

Discussion in 'MacBytes.com News Discussion' started by MacBytes, May 10, 2005.

  1. macrumors bot

    Joined:
    Jul 5, 2003
  2. macrumors 6502a

    Gizmotoy

    Joined:
    Nov 6, 2003
    #2
  3. macrumors 604

    MacBandit

    Joined:
    Aug 9, 2002
    Location:
    Springfield, OR (Home of the Simpsons)
    #3
    More MacWorld propaganda against security with a smaller market share. I'm sorry but Foxfire is more secure than IE period. A huge part of it's security is it's lack of integration with Windows. IE is just a huge pipeline asking people to dive in and take control of windows machines.
     
  4. macrumors regular

    Joined:
    Sep 4, 2004
    #4
    Hmmm... Why do I have the feeling that this security hole really only affects Windows users? Could it be that the malicious code wouldn't have admin rights on a Mac even if it were written for the Mac?
     
  5. macrumors 68040

    shamino

    Joined:
    Jan 7, 2004
    Location:
    Purcellville, VA
    #5
    Well, you couldn't take over the system without admin rights, but:
    • It can still delete/corrupt anything in your home directory
    • It can still open a connection to a remote server and upload anything you have read-access to
    • If your're logged in from an admin account, it can clobber your Applications folder
    • It can ask for your admin user/password. A lot of users will provide this information. (A lot of virusses have been able to spread due to "human engineering" like this.)
    The biggest protection that Mac users have is that arbitrary binary code is likely to be x86 code, with a PowerPC won't run. But you don't want to rely on that.

    For now, I've removed all sites from the software-install whitelist. That should prevent the exploit. I've got no problem downloading and manually-installing my updates.

    And, since a fix has already been submitted to the head-of-line code, I suspect a patched Firefox should be available any time now.
     

Share This Page