Firefox 0-Day Vulnerability Just Published a Couple of Hours Ago!

Hi fellow OZB,

I just read about this zero day vulnerability on the Firefox browsers. The advice is to stay off using Firefox for now, at least until a patch is developed.

http://arstechnica.com/security/2016/11/firefox-0day-used-ag…

Related Stores

mozilla.org
mozilla.org

Comments

  • Damn, thanks for the heads up. Might move back to Chrome for a bit then.

  • +1

    There are almost always unpatched holes in any browser - and that's the one's we know about. This isn't a reason to stop using Firefox although it's true that Chrome does have a better security record.

  • +3

    Don't you run NoScript addon anyway?

    https://addons.mozilla.org/en-US/firefox/addon/noscript/

  • People still use that CPU-hog in 2016?

    Granted, Chrome hogs memory, but holy crap on my laptop it's slow as a wet week compared to Chrome

    • I use it when I need anything Flash intensive. Chrome's inbuilt version has some fun interactions that forcibly disable hardware acceleration. Performance of both of them is much the same for me, but I'm more used to Chrome's shortcuts at this point.

      • +1

        I have FF for the same reason - but Flash is permanently disabled in Chrome as I find it insecure and annoying

      • You're using it in a worse way. Firefox doesn't have Flash built-in so you're using Adobe's plugin which is typically more vulnerable to attacks. Better to uninstall Adobe flash and run it within Chrome or Edge, which are more sandboxed.

  • "According to security researchers who analyzed the code, it exploits a memory corruption vulnerability that allows malicious code to be executed on computers running Windows"

  • +3

    Mozilla has patched the vulnerability in latest Firefox update. Version 50.0.2
    https://www.mozilla.org/en-US/security/advisories/mfsa2016-9…

  • Cheers for the information, will have to see if it affects Pale Moon too.

    It's smarter IMO to assume that any browser is vulnerable. I run script blockers, anti-exploit, and use software policies to prevent successful exploits.

Login or Join to leave a comment