Mozilla Firefox Vulnerability effects 0.9.3?

[sinatosk]

I installed Mozilla Firefox 0.9.3 earlier today and then later on just for the fun of it I decided to check to see if the vulnerability still effected me... strangly it does...

I was wondering if anyone else with Mozilla Firefox 0.9.3 is still being effected. link is below.

http://www.nd.edu/~jsmith30/xul/test/spoof.html

[Pink Floyd Veteran]

this is supposed to be fixed with 0.9.3

[Zycoflow]

Yep it still happens on my pc....... :blink: :no:

[sinatosk]

phew... least I know it's not just me then

[uniacidz]

LOLOLOL

Yep still happens.

Funny and ironic as isnt just IE that has **** ups with patches/bug fixes.

[em_te]

I think Firefox should have followed IE's lead in making the content area sunken into the browser window. It allows you to tell whether something is part of the browser window or not regardless of whether anything is spoofed.

https://www.neowin.net/forum/index.php?showtopic=192796

[Ultra Frosty]

I bet Microsoft is paying people to try to **** around with the firefox source code.

[dL]

What spoof? :huh:

Too lazy to read and comprehend. Someone wanna explain for me? :)

dL

[Rudy]

thats so funny, they made fun of IE when a patch didnt quite work....now look at this

[OPaul]

Jesus, this is a pretty big bug too.

Posted;

http://forums.mozillazine.org/viewtopic.php?p=699343#699343

[Kasteo]

I haven't tried Firefox 0.9.3 yet, but it has been fixed in the nightly branch build I'm using since August 03.

[Si Veteran]

but it has been fixed in the nightly branch build I'm using since August 03.

Yup, it throws up

XML Parsing Error: undefined entity

Location: http://www.nd.edu/~jsmith30/xul/test/browser2.xul

Line Number 856, Column 36:              <menuitem accesskey="&releaseCmd.accesskey;"

-----------------------------------^

[IGAU]

As far as I'm concerned, I can find no evidence to say that this was supposed to be in 0.9.3 at all... unless you can give a source which directly quotes a developer stating that, please stop spreading rubbish about a "messed up" release. Four security bugs were fixed with 0.9.3, and if you check the thread already linked, you'll see why I don't even consider this an exploit.

Kasteo, I'd be interested to know what build you're using, since I can't think of a fix for this at all, short of forcing the legitimate statusbar to display for XUL content (i.e. prevent popups disabling it), nor can I find any checkins or bugfixes to indicate that any change has been made in relation to this "bug" at all.

[Chad]

moved to Web Browser Discussion

[Kasteo]

...

Kasteo, I'd be interested to know what build you're using, since I can't think of a fix for this at all, short of forcing the legitimate statusbar to display for XUL content (i.e. prevent popups disabling it), nor can I find any checkins or bugfixes to indicate that any change has been made in relation to this "bug" at all.

Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7) Gecko/20040804 Firefox/0.9.1+

When you click on the example of an exploit XUL content link it will show....

XML Parsing Error: undefined entity
Location: http://www.nd.edu/~jsmith30/xul/test/browser2.xul
Line Number 856, Column 36:              <menuitem accesskey="&releaseCmd.accesskey;"
-----------------------------------^

[L3thal Veteran]

Glad to see they "fixed" the spoof :rolleyes:

[stockwiz]

I still see the spoof, but because of the way I have the browser configured, I'd never be fooled by it.. it's so vastly different looking from the way I have mine configured not to mention I have disabled the ability for javascript to hide things.

Still, it should be addressed. It's still in beta and in a constant state of change as bugs get fixed, so I'll give them a bit of time yet.. I just wish the gecko engine loaded images faster.

[L3thal Veteran]

I just wish the gecko engine loaded images faster.

Amen :yes: