[PCWorld]

Post your comments for Microsoft's Windows 7 Release Candidate Goes Public here

[xiromisho]

Windows 7 is great... I have to say though, I don't understand how, under all the cosmic world and all it's wonder... MS managed to mess up, of all things... the Browser.
With Browsers Competing so much now, and with the battle for market share so intense, how did the IE team take some many incredible leaps of faith in customers and in security restrictions as to basically disable any website that has SSL of HTTP and HTTPS content? (like all webmail log ins...)
These are issues in the RELEASED VERSION,not the beta version of IE 8.0... it's possibly the WORST browser ever made... they basically took a step backwards, past 7, past 6, and even past 5... these issues have never happened before.. but now they are, and they are just hundreds of little annoyances. For tech savvy people, not an issue, for the average joe - holocaust.

[WinTard]

I will concur with you on Windows 7 being great. However, I do not experience any of the troubles you mention about IE8? I have zero problems with IE 7 Ultimate x64 build 7100, or IE8 (non-beta). SSL, HTTP and HTTPS work flawlessly everywhere. And IE8 also happens to work flawlessly on my day-to-day Dell Latitude D830 laptop running XP-SP3 x86.

May I suggest you try to reset the browser by performing: Tools >> Internet Options >> Advanced >> Reset ? Or simply go to the Microsoft site to download another instance of IE8. Microsoft also provides timely and free support on IE8 by calling 1.800.microsoft, and requesting support on IE8.

Frankly, if IE8 didn't work with SSL, it would be unacceptable to me, as I do all my banking online, plus have to access SSL sites...

Good luck

[rgreen4]

There have been widely reported problems with IE8. Two members have reported similar problems - extreme problems staying on line without it crashing. One spent hours with his ISP technical support. He had heard of problems from others, but the ISP doubted it could possibly be IE8 although everything from the ISP side looked good. Once the members reverted back to IE7, the problems disappeared.

I for one will not install IE8 until it is reported the problems have been resolved. It is sitting in my notification box, but it will stay there. I use FF most of the time anyway. This will not help MS.

I am looking forward to trying the 64bit Version of Windows 7, however. All my Vista installs are 32bit, but I think they will be the last 32bit OS for me.

[Foxylady48180]

Agree with WinTard; I have never had a problem with IE8 since I installed it. I agree with you in that I would never get a 32 bit OS again; time to go 64...

[penscomps]

A large number of issues with IE-8 have been pinpointed as relating to browser add-on's. In addition for sites that render improperly there is compat mode. Windows 7 has run great for me on all the systems I have put it on - even got Ultimate installed on an Acer netbook with a 900 MHZ CPU, 1 GB RAM, and 16 GB SSD and it runs pretty darned good (as long as you don't overly multitask). All in all the RC of Win7 performs better and seems more stable than my Vista installs.

[GetReal]

Am in the process of downloading Win7-64bit RC and will try to install it on my Dual-Core 3 Ghz w/ 2Gb, separate HD partition. Does anyone yet know if this package has a reasonable UN-install capability (Vista is a mess for this as it trashes the boot system and other OS's then fail)?

[rgreen4]

Which is exactly why I install all my different Operating Systems in a multi-boot environment on separate smaller HD's. I currently have in this machine an 80GB, 160GB and 250GB (although the latter may not qualifiy as "smaller") with Vista, Vista experiment (destined for Win7RC) and XP Pro. The key is to disconnect the cables to all but the one drive you are going to install the OS on and then do the install. Afterward, set the primary drive in the BIOS Setup, and from then on you can use the Boot Menu (usually accessed by F12) on startup if you want to boot from other than the normal drive. If later you don't like the OS, you can format the drive and it does not affect the other Operating Systems on the machine. Data of course should be limited either to 1) A permanent OS drive 2) Separtate drive on the machine or 3) Networked drive (my setup).

[GetReal]

Thanks for the reply. Not stated but implied I guess, still the uninstall hassels, almost unbelievable that MS would let this stand into the next generation of OS, especially with people doing testing. Anyway, I had considered doing something like you explained but became reluctant after considering the purchass of yet another HD out of the budget and then the near constant need to get inside the computer >>> which is already stuffed solid and otherwise not easily accessable.

We have four desktop computers (but my wife won't let me near hers, hah) so looks like I might have to dig inside 3 of them and do some software consolidation to completely free up an existing HD >>> LOTS of work and cursing in that thought (groan)!

[computerguy2121]

ie 8 not good unless u want to get attack

[computerguy2121]

google chrome and firefox good

[DQuin413]

Took about 6.5 hrs to download,burned the ISO file to a DVD...partitioned my HD for a multi-boot configuration,and installed it.Very smooth,easy and problem-free....until I found that there are no free anti-virus programs that are compatible with Win7,and the few that were you have to buy...SUX!!! Also Adobe Flash Player--also incompatible. I could not even reinstall my ISP's software(VerizonDSL)!! Guess I'll uninstall it and wait for these problems to be corrected.Bummer!!

[WinTard]

DQuin413 said:

Took about 6.5 hrs to download,burned the ISO file to a DVD...partitioned my HD for a multi-boot configuration,and installed it.Very smooth,easy and problem-free....until I found that there are no free anti-virus programs that are compatible with Win7,and the few that were you have to buy...SUX!!! Also Adobe Flash Player--also incompatible. I could not even reinstall my ISP's software(VerizonDSL)!! Guess I'll uninstall it and wait for these problems to be corrected.Bummer!!

Wait!!!

I use Windows 7 Ultimate x64 RC, and also use the FREE AntiVirus http://www.avast.com...avast-home.html full 64-bit no less!



Works like a charm. Did I say it was FREE?

For more selection: Google: Results 1 - 10 of about 32,300,000 for free antivirus. (0.11 seconds)

And forget about the VerizonDSL software crap. Simply purchase any router ($30), configure PPPOE, and all your systems will have VerizonDSL access.

Google: Results 1 - 10 of about 394,000 for router PPPOE. (0.19 seconds)

Or you can do this from within Windows, without any of the VerizonDSL crap software.

Google: Results 1 - 10 of about 801,000 for configure PPPOE in windows. (0.21 seconds)

Please enjoy! :)

~~~~~~~~~~
The more you learn, the more you realize you didn't know. That's the downside of continuing your education. The benefits come next.
~ Unknown Source

[WinTard]

computerguy2121 said:

ie 8 not good unless u want to get attack

>

Quote

google chrome and firefox good

Wrong! IE8 has the distinction of not being listed on the NVD for any known vulnerabilities.

Firefox 3.0.x all the way to 3.0.9 is listed with more than 20 vulnerabilities to date since 2009. And Firefox holds the title of the most vulnerable application of 2008.

Agreed Chrome is best for security, it stood as the only browser unhacked at Pwn2Own. The most hacked was Firefox under OS X, and Safari. IE8 beta was also hacked, but fixed within 12 hours, with the Released To Web (RTW) of IE8, at which point, it is invulnerable (so far).

Anyway, for those using x64 (64-bit) OS, there are no binaries of Firefox or Chrome in x64. So what's the point? And IE8 is faster than Chrome in x64.

For more on browsers as vector of infiltration into OS, please see: Google: Results 1 - 10 of about 913,000 for pwn2own. (0.18 seconds)

[waldojim]

someone will find a way.

Let us not forget that historically, IE maintianed thier position as the easiest browers to hack. Granted things have changed over the years, but truth be told, the maclichous individuals are going to attack the most common platform.

[WinTard]

waldojim said:

someone will find a way.

Let us not forget that historically, IE maintianed thier position as the easiest browers to hack. Granted things have changed over the years, but truth be told, the maclichous individuals are going to attack the most common platform.

Agreed, I am sure they will. Sooner or later. The main reason is the popularity (de-facto standard) under all Windows platform is the built-in IE.

Actually, perception becomes reality?

There is so much FUD and BS being spewed around, that one cannot believe everything they read, or hear...

But reality, and historically, Firefox is the most easily hacked and insecure browser. Period. Yesterday, today, and probably in the future... Alas.

Here are facts:

And let's not forget the Pwn2Own competition. It was Firefox 3.0 that got hacked first on the Mac OS X no less, and all the hackers said it was easy! Whereas hacking Windows was "very very hard".

Google: Results 1 - 10 of about 914,000 for pwn2own. (0.16 seconds)

TippingPoint | DVLabs | Pwn2Own 2009TippingPoint's Zero Day Initiative (ZDI) team is pleased to announce that we will once again be sponsoring this year's Pwn2Own contest for ...
dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 - 46k - Cached - Similar pages
TippingPoint | DVLabs | Pwn2Own 2009 Day 1 - Safari, Internet ...The 3rd annual Pwn2Own contest kicked off today at CanSecWest around 3:00pm PST. For the first time, we had so many people register for the contest that we ...
dvlabs.tippingpoint.com/.../pwn2own-2009-day-1---=safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits - 42k - Cached - Similar pages
More results from dvlabs.tippingpoint.com >
CanSecWest Applied Security Conference: Vancouver, British ...10 Feb 2009 ... But odds are if you do discover it in the book, it you probably won't be able to claim a PWN2OWN prize with it. It probably doesn't count as ...
cansecwest.com/ - 17k - Cached - Similar pages
Pwn2Own: What OS really won? | Zero Day | ZDNet.comThose takeaways appear to be the consensus view following the Pwn2Own contest ... Rest assured, if Pwn2Own ran another day Ubuntu would have stumbled too. ...
blogs.zdnet.com/security/?p=995 - 125k - Cached - Similar pages
Pwn2Own 2009: Safari/MacBook falls in seconds | Zero Day | ZDNet.comStaying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
blogs.zdnet.com/security/?p=2917 - 129k - Cached - Similar pages
More results from blogs.zdnet.com >
Browser security: Pwn2Own topples all but Chrome | csmonitor.comInnovation: The Christian Science Monitor's innovation section.
features.csmonitor.com/innovation/2009/03/24/browser-security-pwn2own-topples-all-but-chrome/ - 53k - Cached - Similar pages
The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 119 Mar 2009 ... One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their ...
www.engadget.com/2009/03/19/the-pwn2own-trifecta-safari-ie-8-and-firefox-exploited-on-day/ - 141k - Cached - Similar pages
Slashdot | First Pwn2Own 2009 Contest Winners Emerge19 Mar 2009 ... First Pwn2Own 2009 Contest Winners Emerge -- article related to Security.
it.slashdot.org/article.pl?sid=09/03/19/2110206&from=rss - 122k - Cached - Similar pages
AppleInsider | Pwn2Own contest winner: Macs are safer than Windows26 Mar 2009 ... Charlie Miller, the security expert who won both this and last year's CanSecWest Pwn2Own security contests by exploiting Macs running Safari ...
www.appleinsider.com/articles/09/03/26/pwn2owncontestwinnermacsaresaferthan_windows.html - 61k - Cached - Similar pages
Pwn2Own 2009: Mac falls in seconds | Technology | guardian.co.ukLast year, at least the Mac lasted a couple of minutes before it was hacked. This year, it lasted seconds?
www.guardian.co.uk/technology/blog/2009/mar/18/apple-pwned-again - 129k - Cached - Similar pages
Searches related to: pwn2own cansecwest pwn to own

March 23rd, 2009 Nils2Own: 'I want to see security flaws fixed'

Let?s go through your accomplishment here. On a scale of 1-10, how do you rate the difficulty of exploting these bugs. Start with Safari on Mac OS X?

For that bug, I?d rate it a 5. Not because Safari on Mac is a harder target but because of the kind of vulnerability. I can?t say much about it (because of an NDA signed with conference sponsors) but it was harder to find that bug on the Mac. Writing the exploit for Mac was the easy part.

Dino Dai Zovi] had a great quote during his talk [http://.pdf: ? Exploit writing on the Mac is fun. Exploit writing on Windows Vista is hard work. ? I totally agree with that.

Mac OS X Leopard did not implement randomization properly so it?s very easy to get your exploit to work. I?m looking forward to seeing what they Apple] do with Snow Leopard.

How about the Firefox on Windows exploit?

Let me correct something. It was a Firefox on Mac OS X vulnerability and exploit. The bug does affect Windows but, honestly, it?s way harder to get the code to run reliably on Windows. That?s the reason I did my Firefox attack on the Mac. I?m not allowed to talk about it but, for that bug, to get real exploitation on Windows is difficult because of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). On the Mac, I could trigger it and exploit it easily.

For that reason, I?d rate it a 3 in terms of difficulty. The vulnerability was nice. You get get a lot of control over what you can do and just execute your code. Just place the code in memory. You can spray it and it?ll be in a predictable area. On Mac OS X, there?s no ASLR or DEP, so you can just [snaps finger], execute it and it will work.

IE 8 on Windows 7?

I came here with that vulnerability. It?s another nice bug but it was really, really difficult to write the exploit because of those ASLR and DEP. I had to use some techniques around those mitigations and make a lot of preparation to make it a reliable exploit. It was very, very hard.

{Snipped}

Also look at: [Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts

In other words, do not use Administrator equivalent rights to surf a hostile environment such as the Internet.

People can easily do that by the Run As command, similar to su in Unix.

Searching the NVD for Internet Explorer returns:

Search Results (Refine Search)
There are 85 matching records. Displaying matches 1 through 20.



CVE-2009-0554
TA09-104ASummary: Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."

Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0551
TA09-104ASummary: Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."

Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0550
TA09-104ASummary: Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0305
VU#131100Summary: Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.

Published: 02/10/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0076
TA09-041ASummary: Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

Published: 02/10/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0075
TA09-041ASummary: Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."

Published: 02/10/2009
CVSS Severity: 8.5 (HIGH)
CVE-2009-0369
Summary: Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.

Published: 01/30/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-0341
Summary: The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.

Published: 01/29/2009
CVSS Severity: 9.3 (HIGH)
CVE-2008-3358
Summary: Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.

Published: 01/28/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5917
Summary: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

Published: 01/21/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5912
Summary: An unspecified function in the Javascript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: 01/20/2009
CVSS Severity: 2.1 (LOW)
CVE-2009-0072
Summary: Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen attribute value in a BODY element.

Published: 01/08/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5750
Summary: Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.

Published: 12/29/2008
CVSS Severity: 6.8 (MEDIUM)
CVE-2008-5556
Summary: DISPUTED The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."

Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5555
Summary: Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."

Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5554
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."

Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5553
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."

Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5552
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."

Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5551
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."

Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5548
Summary: VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Published: 12/12/2008
CVSS Severity: 9.3 (HIGH)

h4. Guess what? There are NONE for IE8 in 2009! (yet)

Searching the NVD for Firefox

Search Results (Refine Search)
There are 442 matching records. Displaying matches 1 through 20.



CVE-2009-1313
Summary: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

Published: 04/30/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-1312
Summary: Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header.

Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1311
Summary: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.

Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1310
Summary: Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1309
Summary: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.

Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1308
Summary: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL Javascript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1307
Summary: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Published: 04/22/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-1306
Summary: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1305
Summary: The Javascript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOPDEFVAR and properties that lack the JSPROPPERMANENT attribute.

Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1304
Summary: The Javascript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) jsFindPropertyHelper, related to the definitions of Math and Date; and (2) jsCheckRedeclaration.

Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1303
Summary: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1302
Summary: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xsltattributesetImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.

Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1232
Summary: The XUL parser in Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.

Published: 04/02/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1169
Summary: The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

Published: 03/27/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-1044
Summary: Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0733
Summary: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUTA2B and ReadLUTB2A functions.

Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0723
Summary: Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0581
Summary: Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Published: 03/23/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-0821
Summary: Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.

Published: 03/05/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-0777
Summary: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

Published: 03/05/2009
CVSS Severity: 5.8 (MEDIUM)

And these are all for 2009!

Last, history demonstrates that Firefox is the most vulnerable application in all of 2008!

Google: Results 1 - 10 of about 9,800,000 for most vulnerable application 2008. (0.18 seconds)

http://www.dslreport...ication-in-2008
>

ZDNet also reports: Firefox tops list of 12 most vulnerable apps

Another good site to look at is: http://www.us-cert.gov/current/

Um, it appears to me at least the splash page at http://www.mozilla.c...firefox/ie.html

Using Internet Explorer
is So 2006
You deserve a better browser: Firefox is safer, faster
and easier to use than IE. Make the switch today!

Is pure BS as evidenced by reported facts... No wonder they patch so often! :(

That said, I still like and use Firefox carefully... And primarily onto non-Windows installations, like all Unix/Linux etc... And I like the Open-Source concept.

~~~~~~~~~~
The reverse side also has a reverse side.
{Japanese Proverb}

-----
>

[waldojim]

I was not stating that Firefox was secure, only that historically IE has been less secure.

Like anything else, time will tell. I do think the mozilla team needs to get back to tightening up the code. Firefox seems... downright bulky these days. Firefox climbs into the 150MB+ mark during an average day VERY quickly and just sits there. I can close it down to a single tab, and go to google.com website, all that crap and cannot convince it to reduce its usage. They are spending too much time trying to make it pretty - what with persona's and all that crap.

[Car54]

Fascinating study, fascinating info you provided. I appreciate the other side of the story, and will keep some of your links in my Bookmarks, and will maybe reconsider having my sisters, who don't keep up with such info., switch back to IE8. I do have to agree with the the multiple updates/patches you mentioned, as especially a week to 2 weeks ago, Firefox was having to close quite a bit and submit Crash Reports frequently, esp. over the weekend of April 24-26th. My sisters also confirmed this when I talked to them, as I set their PCs up with Firefox. I don't know what that was all about, but it can get a little annoying, and make a person wonder.

Thanks again for the excellent info.

[WinTard]

@ waldojim
@ Car54

My dear friends, we're all here to learn and share the little bit we can contribute to. I believe it is a public service to our community to inform members through facts, and not biased opinions, BS or FUD. Security through awareness. And the world will be a better place for all. I enjoy our conversations, and am honored you do too. I am certainly not trying to start a flame war, or other such nonsense. And apologize if I am sometimes too brutally honest. :( But it is all good in the end! And it comes from the heart. :)

And I for one, really really enjoy this Windows 7. To me it is a quantum leap over what we've become accustomed with from Microsoft. Hey, better late than never! ;)

~~~~~~~~~~
To get a better education it is sometimes not possible to choose the curriculum. Ultimately, this is okay; the lessons we don't feel inclined to learn are often those we can benefit from the most.
~ Phil Booth

Hope is so important yet truth should never be denied, or reality ignored.
~ Patrick Swayze

[DQuin413]

Well, I'll try it again......Thanks a Bunch!!!! But what about the Flash Player issue? Also my PC is a 32-bit, so I'm using the 32-bit Win7RC....