wini 寫:
不過用白話的方式來說,「在執行惡意軟體、或上被掛木馬的網站後,Fx3 有個漏洞會害電腦當掉,如果你的 Fx3 沒有自動記錄的工具,就會遺失這段時間的資料。」好像是這種感覺?
奇怪,怎麼用「
firefox 3 radware」搜出來,前幾頁大部分都是中國的網頁?我一向不太信任中國或台灣的媒體,所以查了一下:
Radware Press Release 寫:
Discovered by the vulnerability research team of Radware’s Security Operations Center (SOC), the Firefox vulnerability could result in a system crash of the Firefox browser and the instant lost of any unsaved information. Immediate protection from this vulnerability is available as part of Radware’s Security Update Service (SUS), which seeks to safeguard customer infrastructures in advance of public disclosure of the flaw.
關鍵是 "system crash of the Firefox browser" , Radware 刻意把 Firefox application 的 crash 說成是 system crash,有這麼嚴重嗎?中文的部分更誇張了, "of the Firefox browser" 直接省略。Press Release 繼續讀下去,會發現其實根本是在廣告 Radware 的產品 XD
當然,有漏洞就是有漏洞,我們看看
Mozilla 怎麼說:
Mozilla Security Blog 寫:
Impact
If a user browses to a malicious page that takes advantage of this vulnerability, the browser will crash. A feature in Firefox called Session Restore will restore the browser session when Firefox is restarted and will likely save user typed content in text areas as well. This feature is designed to save users’ work in the event of a crash or browser restart.
Status
This issue is currently under investigation. Mozilla has assigned this bug an initial severity rating of low because of the minimal security risk to users.
Radware 的 Press Release:
Radware Reveals Critical Vulnerability in Firefox 3, Mozilla’s Latest Web Browser Application
登入
註冊
問答集
搜尋
