MozTW 討論區 :: 檢視主題 - Firefox 3 重大漏洞可引發 DOS 拒絕服務攻擊

不過用白話的方式來說，「在執行惡意軟體、或上被掛木馬的網站後，Fx3 有個漏洞會害電腦當掉，如果你的 Fx3 沒有自動記錄的工具，就會遺失這段時間的資料。」好像是這種感覺？

Discovered by the vulnerability research team of Radware’s Security Operations Center (SOC), the Firefox vulnerability could result in a system crash of the Firefox browser and the instant lost of any unsaved information. Immediate protection from this vulnerability is available as part of Radware’s Security Update Service (SUS), which seeks to safeguard customer infrastructures in advance of public disclosure of the flaw.

Impact

If a user browses to a malicious page that takes advantage of this vulnerability, the browser will crash. A feature in Firefox called Session Restore will restore the browser session when Firefox is restarted and will likely save user typed content in text areas as well. This feature is designed to save users’ work in the event of a crash or browser restart.

Status

This issue is currently under investigation. Mozilla has assigned this bug an initial severity rating of low because of the minimal security risk to users.

發表人:	dora2002 [ 2008-08-15, 20:10 ]
文章主題 :	Firefox 3 重大漏洞可引發 DOS 拒絕服務攻擊
賽迪網 - 2008年8月5日引言回覆: 【賽迪網-IT技術報導】Radware發現在Mozilla公司推出的最新網頁瀏覽器Firefox 3中存在漏洞，該漏洞的存在可引發用戶遭受DOS拒絕服務攻擊。 Radware安全運營中心的漏洞研究小組發現，Firefox的漏洞會導致系統崩潰，使Firefox瀏覽器中未保存的資訊丟失。 ...

發表人:	wini [ 2008-08-15, 20:21 ]
文章主題 :
連結好像失效了？ Firefox 3重大漏洞可引發DOS拒絕服務攻擊 — IT技術- 賽迪網 Firefox 3 存在重大漏洞可引發DoS拒絕服務攻擊 - ZDNet China 不過用白話的方式來說，「在執行惡意軟體、或上被掛木馬的網站後，Fx3 有個漏洞會害電腦當掉，如果你的 Fx3 沒有自動記錄的工具，就會遺失這段時間的資料。」好像是這種感覺？

發表人:	dora2002 [ 2008-08-15, 20:31 ]
文章主題 :
wini 寫: 連結好像失效了？已修正 XD Firefox 2 應該也會被影響到吧 ...

發表人:	coolcd [ 2008-08-16, 00:20 ]
文章主題 :
wini 寫: 不過用白話的方式來說，「在執行惡意軟體、或上被掛木馬的網站後，Fx3 有個漏洞會害電腦當掉，如果你的 Fx3 沒有自動記錄的工具，就會遺失這段時間的資料。」好像是這種感覺？奇怪，怎麼用「firefox 3 radware」搜出來，前幾頁大部分都是中國的網頁？我一向不太信任中國或台灣的媒體，所以查了一下： Radware Press Release 寫: Discovered by the vulnerability research team of Radware’s Security Operations Center (SOC), the Firefox vulnerability could result in a system crash of the Firefox browser and the instant lost of any unsaved information. Immediate protection from this vulnerability is available as part of Radware’s Security Update Service (SUS), which seeks to safeguard customer infrastructures in advance of public disclosure of the flaw. 關鍵是 "system crash of the Firefox browser" ， Radware 刻意把 Firefox application 的 crash 說成是 system crash，有這麼嚴重嗎？中文的部分更誇張了， "of the Firefox browser" 直接省略。Press Release 繼續讀下去，會發現其實根本是在廣告 Radware 的產品 XD 當然，有漏洞就是有漏洞，我們看看 Mozilla 怎麼說： Mozilla Security Blog 寫: Impact If a user browses to a malicious page that takes advantage of this vulnerability, the browser will crash. A feature in Firefox called Session Restore will restore the browser session when Firefox is restarted and will likely save user typed content in text areas as well. This feature is designed to save users’ work in the event of a crash or browser restart. Status This issue is currently under investigation. Mozilla has assigned this bug an initial severity rating of low because of the minimal security risk to users. Radware 的 Press Release: Radware Reveals Critical Vulnerability in Firefox 3, Mozilla’s Latest Web Browser Application

MozTW 討論區 https://forum.moztw.org/

Firefox 3 重大漏洞可引發 DOS 拒絕服務攻擊 https://forum.moztw.org/viewtopic.php?f=22&t=23918	第 1 頁 (共 1 頁)

第 1 頁 (共 1 頁)	所有顯示的時間為 UTC + 8 小時
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/