FIREFOX 3.0 and lower vulnerability

[MEB]

Actually, a least one or two more were found, which may be what is taking so
long...

--
MEB
http://peoplescounsel.orgfree.com
--
_________

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:7046D656-F32D-44AD-9B3B-9D48374AE7F8@microsoft.com...
| <snipped due to length>
|
| The final release date now is July 2, 2008. I know many of want the
patched
| version now but we must be patient for it to be released and also to be
fully
| stable. I am guessing it may now even be pushed back again to July 3,
2008
| due to the complexities of implementing this patch for this unknown
| vulnerability.

 

[Dan]

Thanks for letting me know, MEB.

"MEB" wrote:

> Actually, a least one or two more were found, which may be what is taking so
> long...
>
> --
> MEB
> http://peoplescounsel.orgfree.com
> --
> _________
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:7046D656-F32D-44AD-9B3B-9D48374AE7F8@microsoft.com...
> | <snipped due to length>
> |
> | The final release date now is July 2, 2008. I know many of want the
> patched
> | version now but we must be patient for it to be released and also to be
> fully
> | stable. I am guessing it may now even be pushed back again to July 3,
> 2008
> | due to the complexities of implementing this patch for this unknown
> | vulnerability.
>
>
>

 

[bobster]

Gary,

You said," I was being facetious, of course".

I think many of the ABMers are also being fecesious.

Oops, that darn MS Spell checker crap failed again -- or did it? -)

=============================================================
"Gary S. Terhune" <none> wrote in message
news:eP1rcFl0IHA.2084@TK2MSFTNGP06.phx.gbl...
While you have a legitimate point, think of it as part of an ongoing
discussion about various OSes and their comparative "vulnerabilities".
Whenever someone posts a problem with IE or OE it's a good bet that someone
will slam them for even using those apps, saying they should use Thunderbird
or Firefox (or whatever), instead, because these latter are so totally safe
from intrusion. Or they go even further and claim that Windows is a disaster
due to so many vulnerabilities, and some other OS should be used instead,
ignoring the fact that if their recommendation owned 80% to 90% of the
market, it would be considered just as bad as Windows is now considered.

Likewise, MEB recently posted two CERTs exposing vulnerabilities in the
latest QuickTime and SNMPv3, neither of which are MS products but both of
which are serious problems for Windows users in general. My response was
that of course EVERY bit of software potentially contains code which makes
it vulnerable to attack in some way, and for that reason, every sane person
should throw away their computers and all computer-based items immediately
(which means nearly every appliance in a modern person's panoply -- cell
phone, Blackberries, I-whatevers), and stop using things like banks and any
other critical service that uses computers

I was being facetious, of course...I think... My point is that you don't
totally outlaw automobiles and return to the slow-poke age of horsecrap
everywhere, just because a relatively few people get hurt or killed every
year, even when they're driving the most modern automobile available. It's a
baby & bathwater kind of thing.

The tie-in to Windows 9x is that more and more companies are no longer
supporting 9x in any way, and IF you're really worried about all that stuff,
you should definitely quit using 9x altogether. Personally, some standard
layers of anti-malware protection and sensible habits, plus the fact that in
most cases the problem is fixed before the public (including the bad guys)
even know there is one, make nearly all those vulnerabilities irrelevant,
even if they remain unpatched. (Just as an added comment, this is why
auto-updaters, or at least some very in-your-face and timely update
notifications, ARE so important. Problem is, you can't run them on Windows
9x because they suck up the puny Resources 9x is cursed with.) The real
problem for Win98 users will be when there are no longer any AV or other
anti-malware or firewall apps that work on them.

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"Julie" <julieb@bellsouth.net> wrote in message
news:%23knLZtk0IHA.2408@TK2MSFTNGP04.phx.gbl...
> What does this have to do with Windows 98. Firefox 3.0 is incompatible
> with
> Win98.
>
>
> "MEB" <meb@not here@hotmail.com> wrote in message
> news:%234bxhlj0IHA.2188@TK2MSFTNGP04.phx.gbl...
>>
>> Code execution vulnerability found in Firefox 3.0
>>
>> Ryan Naraine: Just hours after the official release of the
>> latest refresh of Mozilla's flagship browser, an unnamed researcher has
> sold
>> a critical code execution vulnerability that puts millions of Firefox3.0
>> users at risk of PC takeover attacks.
>>
>> http://blogs.zdnet.com/security/?p=1288
>>
>> --
>> MEB
>> http://peoplescounsel.orgfree.com
>> --
>> _________
>>
>>
>
>

 

[Gary S. Terhune]

I hate to have to do this, but... ABM? Anti-??? Anyone But Me?

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"bobster" <fauxie@bogus.net> wrote in message
news:OOrraFk2IHA.4672@TK2MSFTNGP04.phx.gbl...
> Gary,
>
> You said," I was being facetious, of course".
>
> I think many of the ABMers are also being fecesious.
>
> Oops, that darn MS Spell checker crap failed again -- or did it? -)
>
> =============================================================
> "Gary S. Terhune" <none> wrote in message
> news:eP1rcFl0IHA.2084@TK2MSFTNGP06.phx.gbl...
> While you have a legitimate point, think of it as part of an ongoing
> discussion about various OSes and their comparative "vulnerabilities".
> Whenever someone posts a problem with IE or OE it's a good bet that
> someone
> will slam them for even using those apps, saying they should use
> Thunderbird
> or Firefox (or whatever), instead, because these latter are so totally
> safe
> from intrusion. Or they go even further and claim that Windows is a
> disaster
> due to so many vulnerabilities, and some other OS should be used instead,
> ignoring the fact that if their recommendation owned 80% to 90% of the
> market, it would be considered just as bad as Windows is now considered.
>
> Likewise, MEB recently posted two CERTs exposing vulnerabilities in the
> latest QuickTime and SNMPv3, neither of which are MS products but both of
> which are serious problems for Windows users in general. My response was
> that of course EVERY bit of software potentially contains code which makes
> it vulnerable to attack in some way, and for that reason, every sane
> person
> should throw away their computers and all computer-based items immediately
> (which means nearly every appliance in a modern person's panoply -- cell
> phone, Blackberries, I-whatevers), and stop using things like banks and
> any
> other critical service that uses computers
>
> I was being facetious, of course...I think... My point is that you don't
> totally outlaw automobiles and return to the slow-poke age of horsecrap
> everywhere, just because a relatively few people get hurt or killed every
> year, even when they're driving the most modern automobile available. It's
> a
> baby & bathwater kind of thing.
>
> The tie-in to Windows 9x is that more and more companies are no longer
> supporting 9x in any way, and IF you're really worried about all that
> stuff,
> you should definitely quit using 9x altogether. Personally, some standard
> layers of anti-malware protection and sensible habits, plus the fact that
> in
> most cases the problem is fixed before the public (including the bad guys)
> even know there is one, make nearly all those vulnerabilities irrelevant,
> even if they remain unpatched. (Just as an added comment, this is why
> auto-updaters, or at least some very in-your-face and timely update
> notifications, ARE so important. Problem is, you can't run them on Windows
> 9x because they suck up the puny Resources 9x is cursed with.) The real
> problem for Win98 users will be when there are no longer any AV or other
> anti-malware or firewall apps that work on them.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> http://grystmill.com
>
> "Julie" <julieb@bellsouth.net> wrote in message
> news:%23knLZtk0IHA.2408@TK2MSFTNGP04.phx.gbl...
>> What does this have to do with Windows 98. Firefox 3.0 is incompatible
>> with
>> Win98.
>>
>>
>> "MEB" <meb@not here@hotmail.com> wrote in message
>> news:%234bxhlj0IHA.2188@TK2MSFTNGP04.phx.gbl...
>>>
>>> Code execution vulnerability found in Firefox 3.0
>>>
>>> Ryan Naraine: Just hours after the official release of the
>>> latest refresh of Mozilla's flagship browser, an unnamed researcher has
>> sold
>>> a critical code execution vulnerability that puts millions of Firefox3.0
>>> users at risk of PC takeover attacks.
>>>
>>> http://blogs.zdnet.com/security/?p=1288
>>>
>>> --
>>> MEB
>>> http://peoplescounsel.orgfree.com
>>> --
>>> _________
>>>
>>>
>>
>>
>
>
>

 

[bobster]

ABM = Anybody But Microsoft. Sorry, Gary but thought it was a well known
acronym. Pardon my lame attempt at humor. In my working life, fecesious
was a made-up word we often used to denote a BSer, derived from feces +ous
(full of). It was sort of an in joke. Most people thought we were
mispronouncing facetious.

About 3 months ago I went over to the other side and bought a Dell XP
machine -- last of the breed. My old 300MHz PII W98SE dog just couldn't
hack videos and lots of other stuff I wanted to do. It wasn't 98SE that was
the culprit -- just the slow processor. I'm using IE7 with a little app
called Quero Toolbar that gives me freedom to move and size all of the
various bars and functions to my satisfaction. It looks and feels like a
windows 98SE/IE6 machine with tabbed browsing but much, much faster. So far
I've had only one BSOD and none of the problems that some have had with XP
SP-3. And an unexpected bonus was to find PA Bear very active on the XP
board.

I like to check back on this board occasionally to see how things are in the
W98 world as I had been a several year beneficiary of the wisdom of folks
like you, the two Ronnies, PA Bear and many others. Good to see you're
still active.

==============================================================
"Gary S. Terhune" <none> wrote in message
news:uFVOLhk2IHA.2064@TK2MSFTNGP05.phx.gbl...
I hate to have to do this, but... ABM? Anti-??? Anyone But Me?

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"bobster" <fauxie@bogus.net> wrote in message
news:OOrraFk2IHA.4672@TK2MSFTNGP04.phx.gbl...
> Gary,
>
> You said," I was being facetious, of course".
>
> I think many of the ABMers are also being fecesious.
>
> Oops, that darn MS Spell checker crap failed again -- or did it? -)
>
> =============================================================
> "Gary S. Terhune" <none> wrote in message
> news:eP1rcFl0IHA.2084@TK2MSFTNGP06.phx.gbl...
> While you have a legitimate point, think of it as part of an ongoing
> discussion about various OSes and their comparative "vulnerabilities".
> Whenever someone posts a problem with IE or OE it's a good bet that
> someone
> will slam them for even using those apps, saying they should use
> Thunderbird
> or Firefox (or whatever), instead, because these latter are so totally
> safe
> from intrusion. Or they go even further and claim that Windows is a
> disaster
> due to so many vulnerabilities, and some other OS should be used instead,
> ignoring the fact that if their recommendation owned 80% to 90% of the
> market, it would be considered just as bad as Windows is now considered.
>
> Likewise, MEB recently posted two CERTs exposing vulnerabilities in the
> latest QuickTime and SNMPv3, neither of which are MS products but both of
> which are serious problems for Windows users in general. My response was
> that of course EVERY bit of software potentially contains code which makes
> it vulnerable to attack in some way, and for that reason, every sane
> person
> should throw away their computers and all computer-based items immediately
> (which means nearly every appliance in a modern person's panoply -- cell
> phone, Blackberries, I-whatevers), and stop using things like banks and
> any
> other critical service that uses computers
>
> I was being facetious, of course...I think... My point is that you don't
> totally outlaw automobiles and return to the slow-poke age of horsecrap
> everywhere, just because a relatively few people get hurt or killed every
> year, even when they're driving the most modern automobile available. It's
> a
> baby & bathwater kind of thing.
>
> The tie-in to Windows 9x is that more and more companies are no longer
> supporting 9x in any way, and IF you're really worried about all that
> stuff,
> you should definitely quit using 9x altogether. Personally, some standard
> layers of anti-malware protection and sensible habits, plus the fact that
> in
> most cases the problem is fixed before the public (including the bad guys)
> even know there is one, make nearly all those vulnerabilities irrelevant,
> even if they remain unpatched. (Just as an added comment, this is why
> auto-updaters, or at least some very in-your-face and timely update
> notifications, ARE so important. Problem is, you can't run them on Windows
> 9x because they suck up the puny Resources 9x is cursed with.) The real
> problem for Win98 users will be when there are no longer any AV or other
> anti-malware or firewall apps that work on them.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> http://grystmill.com
>
> "Julie" <julieb@bellsouth.net> wrote in message
> news:%23knLZtk0IHA.2408@TK2MSFTNGP04.phx.gbl...
>> What does this have to do with Windows 98. Firefox 3.0 is incompatible
>> with
>> Win98.
>>
>>
>> "MEB" <meb@not here@hotmail.com> wrote in message
>> news:%234bxhlj0IHA.2188@TK2MSFTNGP04.phx.gbl...
>>>
>>> Code execution vulnerability found in Firefox 3.0
>>>
>>> Ryan Naraine: Just hours after the official release of the
>>> latest refresh of Mozilla's flagship browser, an unnamed researcher has
>> sold
>>> a critical code execution vulnerability that puts millions of Firefox3.0
>>> users at risk of PC takeover attacks.
>>>
>>> http://blogs.zdnet.com/security/?p=1288
>>>
>>> --
>>> MEB
>>> http://peoplescounsel.orgfree.com
>>> --
>>> _________
>>>
>>>
>>
>>
>
>
>

 

[Gary S. Terhune]

Doh!!!

But I liked the humor, even *before* you had to explain it, <bg>.

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"bobster" <fauxie@bogus.net> wrote in message
news:eJBTA3n2IHA.5832@TK2MSFTNGP02.phx.gbl...
> ABM = Anybody But Microsoft. Sorry, Gary but thought it was a well known
> acronym. Pardon my lame attempt at humor. In my working life, fecesious
> was a made-up word we often used to denote a BSer, derived from feces +ous
> (full of). It was sort of an in joke. Most people thought we were
> mispronouncing facetious.
>
> About 3 months ago I went over to the other side and bought a Dell XP
> machine -- last of the breed. My old 300MHz PII W98SE dog just couldn't
> hack videos and lots of other stuff I wanted to do. It wasn't 98SE that
> was
> the culprit -- just the slow processor. I'm using IE7 with a little app
> called Quero Toolbar that gives me freedom to move and size all of the
> various bars and functions to my satisfaction. It looks and feels like a
> windows 98SE/IE6 machine with tabbed browsing but much, much faster. So
> far
> I've had only one BSOD and none of the problems that some have had with XP
> SP-3. And an unexpected bonus was to find PA Bear very active on the XP
> board.
>
> I like to check back on this board occasionally to see how things are in
> the
> W98 world as I had been a several year beneficiary of the wisdom of folks
> like you, the two Ronnies, PA Bear and many others. Good to see you're
> still active.
>
> ==============================================================
> "Gary S. Terhune" <none> wrote in message
> news:uFVOLhk2IHA.2064@TK2MSFTNGP05.phx.gbl...
> I hate to have to do this, but... ABM? Anti-??? Anyone But Me?
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> http://grystmill.com
>
> "bobster" <fauxie@bogus.net> wrote in message
> news:OOrraFk2IHA.4672@TK2MSFTNGP04.phx.gbl...
>> Gary,
>>
>> You said," I was being facetious, of course".
>>
>> I think many of the ABMers are also being fecesious.
>>
>> Oops, that darn MS Spell checker crap failed again -- or did it? -)
>>
>> =============================================================
>> "Gary S. Terhune" <none> wrote in message
>> news:eP1rcFl0IHA.2084@TK2MSFTNGP06.phx.gbl...
>> While you have a legitimate point, think of it as part of an ongoing
>> discussion about various OSes and their comparative "vulnerabilities".
>> Whenever someone posts a problem with IE or OE it's a good bet that
>> someone
>> will slam them for even using those apps, saying they should use
>> Thunderbird
>> or Firefox (or whatever), instead, because these latter are so totally
>> safe
>> from intrusion. Or they go even further and claim that Windows is a
>> disaster
>> due to so many vulnerabilities, and some other OS should be used instead,
>> ignoring the fact that if their recommendation owned 80% to 90% of the
>> market, it would be considered just as bad as Windows is now considered.
>>
>> Likewise, MEB recently posted two CERTs exposing vulnerabilities in the
>> latest QuickTime and SNMPv3, neither of which are MS products but both of
>> which are serious problems for Windows users in general. My response was
>> that of course EVERY bit of software potentially contains code which
>> makes
>> it vulnerable to attack in some way, and for that reason, every sane
>> person
>> should throw away their computers and all computer-based items
>> immediately
>> (which means nearly every appliance in a modern person's panoply -- cell
>> phone, Blackberries, I-whatevers), and stop using things like banks and
>> any
>> other critical service that uses computers
>>
>> I was being facetious, of course...I think... My point is that you don't
>> totally outlaw automobiles and return to the slow-poke age of horsecrap
>> everywhere, just because a relatively few people get hurt or killed every
>> year, even when they're driving the most modern automobile available.
>> It's
>> a
>> baby & bathwater kind of thing.
>>
>> The tie-in to Windows 9x is that more and more companies are no longer
>> supporting 9x in any way, and IF you're really worried about all that
>> stuff,
>> you should definitely quit using 9x altogether. Personally, some standard
>> layers of anti-malware protection and sensible habits, plus the fact that
>> in
>> most cases the problem is fixed before the public (including the bad
>> guys)
>> even know there is one, make nearly all those vulnerabilities irrelevant,
>> even if they remain unpatched. (Just as an added comment, this is why
>> auto-updaters, or at least some very in-your-face and timely update
>> notifications, ARE so important. Problem is, you can't run them on
>> Windows
>> 9x because they suck up the puny Resources 9x is cursed with.) The real
>> problem for Win98 users will be when there are no longer any AV or other
>> anti-malware or firewall apps that work on them.
>>
>> --
>> Gary S. Terhune
>> MS-MVP Shell/User
>> http://grystmill.com
>>
>> "Julie" <julieb@bellsouth.net> wrote in message
>> news:%23knLZtk0IHA.2408@TK2MSFTNGP04.phx.gbl...
>>> What does this have to do with Windows 98. Firefox 3.0 is incompatible
>>> with
>>> Win98.
>>>
>>>
>>> "MEB" <meb@not here@hotmail.com> wrote in message
>>> news:%234bxhlj0IHA.2188@TK2MSFTNGP04.phx.gbl...
>>>>
>>>> Code execution vulnerability found in Firefox 3.0
>>>>
>>>> Ryan Naraine: Just hours after the official release of the
>>>> latest refresh of Mozilla's flagship browser, an unnamed researcher has
>>> sold
>>>> a critical code execution vulnerability that puts millions of
>>>> Firefox3.0
>>>> users at risk of PC takeover attacks.
>>>>
>>>> http://blogs.zdnet.com/security/?p=1288
>>>>
>>>> --
>>>> MEB
>>>> http://peoplescounsel.orgfree.com
>>>> --
>>>> _________
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
>

 

[MEB]

In news:878EC510-6550-47FC-9664-37C513093FD8@microsoft.com at ,
Dan contemplated and posted:
| Thanks for letting me know, MEB.
|
| "MEB" wrote:
|
|> Actually, a least one or two more were found, which may be what is
|> taking so long...
|>
|> --
|> MEB
|> http://peoplescounsel.orgfree.com
|> --
|> _________
|>
|> "Dan" <Dan@discussions.microsoft.com> wrote in message
|> news:7046D656-F32D-44AD-9B3B-9D48374AE7F8@microsoft.com...
|> | <snipped due to length>
|> |
|> | The final release date now is July 2, 2008. I know many of want
|> | the patched version now but we must be patient for it to be
|> | released and also to be fully stable. I am guessing it may now
|> | even be pushed back again to July 3, 2008 due to the complexities
|> | of implementing this patch for this unknown vulnerability.

As noted in a newer discussion, the new version 2.0.0.15 has been released.

Here's what got fixed:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Looks like this has fixed several older issues as well as the two major
ones noted as were existing in the 3.0.version

--
MEB
http://peoplescounsel.orgfree.com
--
_________