| #43. Posted at 09:32 AM on Jul 11th 2007 |
|
sigher |
Analogy: Imagine you were a passenger on the Titanic. It just sank and you are in the cold water. There are 2 life rafts near you: one is empty and one is commanded by the captain of the Titanic. Which one would you pick? The captain waves: "Come over here, I'll keep you safe."
|
|
stmok |
Well, I've deliberately run a demo vulnerability with Firefox under Linux.
=> http://larholm.com/vuln/firefoxurl.html I get a popup saying: "Firefox doesn't know how to open this address, because the protocol (firefoxurl) isn't associated with any program." Other than that, nothing happens. This issue specifically requires a Windows system with both Firefox and IE installed. (I don't use Windows so it's a non-issue for me). If you are paranoid or scared, you can just use a Linux LiveCD to do your web surfing until a patch is released. |
|
ManAtVista |
Meanwhile, protected mode IE7 on Vista continues to pay dividends with immunity to probably any hack that'll ever get made.
|
|
alphaGulp |
I got infected a few weeks ago by a pop-up ad in Firefox. It has been a huge pain in the butt, since no virus checker has managed to remove it entirely, and only by running with my Active Desktop disabled am I able to disable the virus (otherwise it pops up ads and plays audio ads).
Anyhow, I've been putting off re-installing the OS, since it's such a pain having to do so, but I am practically certain the infection occurred when that pop-up was displayed in Firefox. Hopefully this is the vulnerability those bums took advantage of, and it will be patched soon. I am starting to wonder if I shouldn't switch to Linux at home... |
|
Fighterpilot |
Fireflop fanboys and XP dinosaurs get pwned.
Vista+IE7 FTW! |
|
cAPS lOCK |
This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
So they're basically saying that if you use FF for your everyday browsing and only use IE for Windows Update (which I wouldn't classify as a malicious website) this bug has no importance whatsoever. |
|
Ryu Connor |
Yet another exploit whose impact can be mitigated by not running Admin.
|
|
SGT Lindy |
How is that different from IE or Safari?
They get bugs and based on the urgency they get patched. 50% of MS patches prior to IE7 were IE6 patches. |
|
albundy |
I'd rather sleep in the bottom bunk bed while Rosie and her fat friends jump up and down on the top bunk; I'd rather bait crocodiles with my manhood, before I ever use IE again.
|
|
eloj |
Hmm.. when I try to open a firefoxurl://<whatever> the first thing I get is a warning.
Disabling HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations didn't seem to do anything either (maybe cached?), but the location looks more informational than declarative. Seems to be based on this: http://sla.ckers.org/forum/read.php?3,12752 |
|
shank15217 |
Time for 2.0.0.5 anyways, I was getting tired of 2.0.0.4 with its even numbers..
|