Solve : Firefox and IE together brew up security trouble?

1.	Solve : Firefox and IE together brew up security trouble?
Answer» Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised. Earlier Tuesday, security researcher THOR Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia's Thomas Kristensen, chief technology officer, attributed the problem to Firefox versions 2.0 or later. "It's a little bit of both," said Oliver Friedrichs, director of Symantec's Security Response Center. "You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together." http://news.com.com/8301-10784_3-9741435-7.htmlThat's not good . . . but then again, I wouldn't RUN into it as I don't use IE at all (except for Windows Update, but I doubt that site would have this problem). Besides, if you have IE and Firefox installed, why use IE? Except for the reason above, of course.Thanks for the info, Scott. I'm definitely going to have to look into this more. I'd hate to have to get rid of my Firefox, but if this is true, it may come down to that.Quote from: CBMatt on JULY 13, 2007, 11:48:32 AM Thanks for the info, Scott. I'm definitely going to have to look into this more. I'd hate to have to get rid of my Firefox, but if this is true, it may come down to that. Getting rid of Firefox would be the wrong move. Just do what Calum said and use IE for windows updates only.Yeah getting rid of FF is a pretty drastic measure to take, you can just remove the "firefoxurl://" URI and you're safe. Also from what I've read, people with NoScript installed (should be a default install IMO) is protected from the exploit.Quote from: 2k_dummy on July 13, 2007, 11:53:46 AM Quote from: CBMatt on July 13, 2007, 11:48:32 AM Thanks for the info, Scott. I'm definitely going to have to look into this more. I'd hate to have to get rid of my Firefox, but if this is true, it may come down to that. Getting rid of Firefox would be the wrong move. Just do what Calum said and use IE for windows updates only. Actually, I rarely use Firefox. It's mainly just for web design. If not for that, I wouldn't use it at all. But I'm not doing anything until I read into this a bit more...which won't be until after I get some sleep.today, I decided to do a "BIOS update" live -flash on my older emachine... it has an older msi board on it (which I still love!) and saw that a safe flash was only supported using IE . I hated to do it but, did the file hippo update thingy and installed new IE -7 . I received this virus update checking out cnet after that..... f..y..i.. I love the msi boards because of the GREAT live update utility they have including flashing the bios ........... but, you always need to be real careful doing a bios flash ..... everything needs to be turned off before attempting*

Answer»

Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.

Earlier Tuesday, security researcher THOR Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia's Thomas Kristensen, chief technology officer, attributed the problem to Firefox versions 2.0 or later. "It's a little bit of both," said Oliver Friedrichs, director of Symantec's Security Response Center. "You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together."

http://news.com.com/8301-10784_3-9741435-7.htmlThat's not good . . . but then again, I wouldn't RUN into it as I don't use IE at all (except for Windows Update, but I doubt that site would have this problem).
Besides, if you have IE and Firefox installed, why use IE? Except for the reason above, of course.Thanks for the info, Scott. I'm definitely going to have to look into this more. I'd hate to have to get rid of my Firefox, but if this is true, it may come down to that.Quote from: CBMatt on JULY 13, 2007, 11:48:32 AM

Thanks for the info, Scott. I'm definitely going to have to look into this more. I'd hate to have to get rid of my Firefox, but if this is true, it may come down to that.

Getting rid of Firefox would be the wrong move. Just do what Calum said and use IE for windows updates only.Yeah getting rid of FF is a pretty drastic measure to take, you can just remove the "firefoxurl://" URI and you're safe.

Also from what I've read, people with NoScript installed (should be a default install IMO) is protected from the exploit.Quote from: 2k_dummy on July 13, 2007, 11:53:46 AM

Quote from: CBMatt on July 13, 2007, 11:48:32 AM
Thanks for the info, Scott. I'm definitely going to have to look into this more. I'd hate to have to get rid of my Firefox, but if this is true, it may come down to that.

Getting rid of Firefox would be the wrong move. Just do what Calum said and use IE for windows updates only.

Actually, I rarely use Firefox. It's mainly just for web design. If not for that, I wouldn't use it at all. But I'm not doing anything until I read into this a bit more...which won't be until after I get some sleep.today, I decided to do a "BIOS update" live -flash on my older emachine...
it has an older msi board on it (which I still love!) and saw that a safe flash was only supported using IE . I hated to do it but, did the file hippo update thingy and installed new IE -7 . I received this virus update checking out cnet after that.....

f..y..i.. I love the msi boards because of the GREAT live update utility they have including flashing the bios ........... but, you always need to be real careful doing a bios flash ..... everything needs to be turned off before attempting*

Solve : Firefox and IE together brew up security trouble?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment