Comments on: Lock Down Firefox for the Weekend

By: linkfeedr » Blog Archive » Crashing bug in Firefox prompts early update next week - RSS Indexer (beta)

Fri, 12 Jun 2009 12:20:50 +0000

[…] next Firefox update, 3.0.8, next week, about a week ahead of the targeted mid-April.Mozilla’s Giorgio Maone explains a mitigation tip: “Like the vast majority of [crashing bugs, it] is not exploitable […]

By: Blabulius Küngelstein

Blabulius Küngelstein — Mon, 06 Apr 2009 22:51:29 +0000

I wonder if there is a way of spraying without using javascript or any plugin… :/

Something is telling me that there has to be a way, but I have no idea how.

By: Firefox 3.0.8 veröffentlicht & neue Logos : Adrian Sauer

Firefox 3.0.8 veröffentlicht & neue Logos : Adrian Sauer — Sat, 28 Mar 2009 09:24:32 +0000

[…] Grund einer kritischen Lücke (Firefox Version 3.0 bis 3.0.7) hat das Mozilla Dev-Team eine neue Version des […]

By: 0-Day Exploit for Critical Firefox Vulnerability | PC Tips

0-Day Exploit for Critical Firefox Vulnerability | PC Tips — Fri, 27 Mar 2009 21:36:11 +0000

[…] at the right places of your memory for execution,” Giorgio Maone, the creator of NoScript, explains. However, disabling JavaScript will not prevent Firefox from […]

By: hackademix.net » Firefox Light Speed Update and NoScript XSLT Protection

hackademix.net » Firefox Light Speed Update and NoScript XSLT Protection — Fri, 27 Mar 2009 20:51:59 +0000

[…] Lock Down Firefox for the Weekend 27 03 2009 […]

By: Giorgio

Giorgio — Fri, 27 Mar 2009 19:03:55 +0000

@PetFoodz.info:
I know it, we decided to anticipate the release in order to help home users who can autoupdate more easily during the weekend.

By: PetFoodz.info

PetFoodz.info — Fri, 27 Mar 2009 18:57:43 +0000

Firefox 3.0.8 is on Mozilla’s Release Servers..

By: Giorgio

Giorgio — Fri, 27 Mar 2009 08:17:12 +0000

@Tom T.:
sorry for making you feel hallucinated, I edited my post to prevent it from being syndicated with an uneffective advice.

@Webkit:
ROTFL (I wish I could moderate comments Slashdot-style, yours is “5 - Funny” :)

By: Firefox 3.0.8 in wenigen Tagen und neue Logos - Firefox, Logos, Version, Sicherheitslücke, Darf, Promotion-Aktionen, Köln, Sache - Caschys Blog

Fri, 27 Mar 2009 07:47:42 +0000

[…] von der kritischen Sicherheitslücke in Firefox bis zur Version 3.0.7 gehört? Die Sicherheitslücke betrifft alle […]

By: Tom T.

Tom T. — Fri, 27 Mar 2009 06:33:50 +0000

Giorgio said: "(seems that non-XHTML XML documents don’t trigger the IFrame blocking codepath)". I "thought" there was a reference to iFrames in the original blog, hence my ref to them in my first post above, which looks strange now. So you *did* edit the blog to remove the ref to disable iframe, and I’m not hallucinating? Whew!

I clicked the PoC, but it seems you have to d/l a block of code, and then "Windows doesn’t know how to open this". Whatever happened to PoC’s where the link itself was the malicious site and would crash you or whatever? (asks the dummy).

P. S. Giorgio, after quick-scanning your link to Silvio Berlusconi, I felt much better that the US is not the only country with sleazeball politicians running the show. Thanks!