Firefox suffers 'extremely critical' security hole

Discussion in ' News Discussion' started by MacBytes, May 10, 2005.

  1. macrumors bot

    Jul 5, 2003
  2. macrumors 6502a


    Nov 6, 2003
  3. macrumors 604


    Aug 9, 2002
    Springfield, OR (Home of the Simpsons)
    More MacWorld propaganda against security with a smaller market share. I'm sorry but Foxfire is more secure than IE period. A huge part of it's security is it's lack of integration with Windows. IE is just a huge pipeline asking people to dive in and take control of windows machines.
  4. macrumors regular

    Sep 4, 2004
    Hmmm... Why do I have the feeling that this security hole really only affects Windows users? Could it be that the malicious code wouldn't have admin rights on a Mac even if it were written for the Mac?
  5. macrumors 68040


    Jan 7, 2004
    Purcellville, VA
    Well, you couldn't take over the system without admin rights, but:
    • It can still delete/corrupt anything in your home directory
    • It can still open a connection to a remote server and upload anything you have read-access to
    • If your're logged in from an admin account, it can clobber your Applications folder
    • It can ask for your admin user/password. A lot of users will provide this information. (A lot of virusses have been able to spread due to "human engineering" like this.)
    The biggest protection that Mac users have is that arbitrary binary code is likely to be x86 code, with a PowerPC won't run. But you don't want to rely on that.

    For now, I've removed all sites from the software-install whitelist. That should prevent the exploit. I've got no problem downloading and manually-installing my updates.

    And, since a fix has already been submitted to the head-of-line code, I suspect a patched Firefox should be available any time now.

Share This Page