Firefox news


So, this is not marketing or just news about Firefox. :)
The reason for this post is that Firefox is the subject of two quite interesting security-related news items.

Starting with the first one.
There is a 0-day vulnerability in Firefox, including the latest version. This vulnerability is already being exploited, so beware...

The good thing is that Mozilla is quite fast on these: it has already confirmed the issue and is working to get it fixed.

The second one is related to a Firefox extension released yesterday. It is called Firesheep.

In summary, it is an add-on that makes it really easy for basically anyone to hack accounts by sniffing traffic on public hotspots, such as airports, coffee shops, etc.
Hacking accounts by sniffing traffic on unsecured Wi-Fi networks is not really difficult, but until now you needed some additional steps to accomplish it; with Firesheep it is all there for you. I really recommend taking a look at it.

PCWorld has a good write-up on it.

Thanks to the readers who pointed that out.

----------------------------------------------------------------------------------------------------

Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure

Pedro

155 Posts
ISC Handler
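The reason a hotspot sniffer can take over an account is that many sites protect only the login with SSL and then hand back a session cookie that the browser will also send over plain HTTP. The following is an added example, not code from the diary, from Firesheep or from Mozilla: a small audit that parses Set-Cookie headers from constructed sample responses and flags session-looking cookies that lack the Secure attribute (so they will be sent in the clear) or are set over HTTP at all. The sample hostnames, cookie names and the name heuristic in SESSION_NAME_HINTS are all assumptions made for the example.

```python
"""Audit Set-Cookie headers for attributes that blunt session sniffing.

Added example (not ISC, Firesheep or Mozilla code). A session cookie set
without the ``Secure`` attribute travels with every plain-HTTP request too,
which is exactly what a passive sniffer on an open hotspot sees.
``HttpOnly`` does not stop sniffing but is checked as well, since a session
cookie should normally carry both attributes.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption for the example: cookies whose names contain one of these
# fragments are treated as session/authentication cookies.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass(frozen=True)
class CookieFinding:
    url: str
    name: str
    problems: tuple


def parse_set_cookie(header_value):
    """Return (name, value, attrs) for one Set-Cookie header value.

    attrs maps lower-cased attribute names to their value, or to True for
    flag attributes such as Secure and HttpOnly.
    """
    parts = [p.strip() for p in header_value.split(";")]
    if not parts or "=" not in parts[0]:
        raise ValueError("Set-Cookie must start with name=value: %r" % header_value)
    name, value = parts[0].split("=", 1)
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True
    return name.strip(), value, attrs


def looks_like_session_cookie(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_response(url, set_cookie_headers):
    """Flag session cookies in one response that a hotspot sniffer could read."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if not looks_like_session_cookie(name):
            continue
        problems = []
        if scheme != "https":
            problems.append("set over plain HTTP")
        if "secure" not in attrs:
            problems.append("missing Secure (will be sent over HTTP)")
        if "httponly" not in attrs:
            problems.append("missing HttpOnly")
        if problems:
            findings.append(CookieFinding(url, name, tuple(problems)))
    return findings


# Constructed sample responses (not captured traffic): a site that uses HTTPS
# for the login form but issues a session cookie without Secure, a site that
# sets its cookie correctly, and a site that sets a session cookie over HTTP.
SAMPLE_RESPONSES = [
    ("https://social.example/login",
     ["session_id=9f2b0000deadbeef; Path=/; Domain=.social.example",
      "lang=en; Path=/"]),
    ("https://bank.example/login",
     ["auth_token=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]),
    ("http://news.example/",
     ["sid=42; Path=/; HttpOnly"]),
]


def audit_all(responses=SAMPLE_RESPONSES):
    findings = []
    for url, headers in responses:
        findings.extend(audit_response(url, headers))
    return findings


if __name__ == "__main__":
    for finding in audit_all():
        print(f"{finding.url}: cookie {finding.name!r}: " + "; ".join(finding.problems))
```

Run against real responses, the same check can be fed with the Set-Cookie headers your own sites return; a cookie that shows up with "missing Secure" is one that a passive listener on an open network will see the next time the browser loads any plain-HTTP resource from that domain, which is the condition Firesheep relies on.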
Pedro,

I would remove that link to the PC World article; it really diminishes the impact of this threat, considering that the writer ran this test using 2 browsers on the same machine, using the same network connection, over the same access point.

If you want to run a test like this and then write an article about said test, it would be so much more viable to actually run the test from a hotspot, and not from within your home and not from the same PC.
HackDefendr

65 Posts
It is worth noting that NoScript can force HTTPS on many popular sites, such as Twitter, that otherwise use SSL only for login.

http://noscript.net/faq#https
Anonymous
Cooling Down the Firesheep
- http://blog.mozilla.com/security/2010/10/27/cooling-down-the-firesheep/
10.27.10
> https://addons.mozilla.org/en-US/firefox/addon/12714/
Jack

160 Posts
Regarding the Firefox 0-day hole.

There has been a lot of writing in the Norwegian media in the last few days.

Tuesday (26 Oct) nobelpeaceprice.org was hacked.
(yes - it's the official peace prize site)

The site was affected with a trojan that was executed through a 0-day exploit in Firefox.

The malware was undetected by 41 AV tools.

The Norwegian SOC article can be found at:

http://telenorsoc.blogspot.com/2010/10/nobelpeaceprizeorg-kompromittert.html

Google from Norwegian to English for info.

Jack
3 Posts
A fix for this vulnerability has been released for Firefox and Thunderbird users.

Firefox 3.6.12 and 3.5.15 security updates now available
* Firefox 3.6.12: http://firefox.com
* Firefox 3.5.15: http://www.mozilla.com/firefox/all-older.html

Thunderbird 3.1.6 and 3.0.10 security updates now available
Jack
1 Posts
I am new to all this network security stuff, I am currently attending school, but I did do a little reading on this Firefox and it sounds like there could be a lot of issues with it not being as secure as some other browsers.
I use your standard web browsers such as Yahoo and sometimes Google systems on my home network; are they any more secure than this Firefox browser?
Jack
1 Posts