Immediate update of Firefox & Chrome engines needed!

If you have suggestions to make Avant Browser even better, describe them here.

Moderators: Support Staff², Support Staff, Developer, AvantGuard

User avatar
mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Location: Grass Valley, CA

Immediate update of Firefox & Chrome engines needed!

Postby mbrazil » Tue Sep 18, 2012 5:27 am

http://tinyurl.com/8kn2wuz

Last week researchers unveiled a new exploit that allows the hijacking of HTTPS connections, the type of connections the world relies on for secure data transfer over the Internet.

Dubbed CRIME (Compression Ratio Info-leak Made Easy), the hack exploits vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols when a website uses either Deflate or SPDY, two compression techniques used to reduce server load when using HTTPS. This means not all HTTPS connections can be broken, but connections made with websites that utilize Deflate or SPDY are vulnerable... websites like Gmail, Twitter, and Dropbox. It also means that not all browsers are equal; browsers need to specifically support Deflate or SPDY for the techniques to be used because without browser support, an HTTPS connection to a website cannot use Deflate or SPDY.

Chrome and Firefox used to be susceptible to the CRIME exploit, but both Google and Mozilla quickly issued patches prior to CRIME going public, as the researchers notified them ahead of time. That means you should upgrade Firefox to the latest version. :shock: Internet Explorer was never vulnerable to CRIME because it never supported Deflate or SPDY.

User avatar
xiaobing
Support Staff
Support Staff
Posts: 4179
Joined: Wed Apr 22, 2009 1:52 am
Windows Version: xp/win7 64/win8
Avant Version: latest version
Default engine: firefox/chrome/IE
IE Version: 8/9/10
Skin: aero glass/opal glas

Re: Immediate update of Firefox & Chrome engines needed!

Postby xiaobing » Wed Sep 19, 2012 1:46 am

Anderson is making a downloader that can be used in other browsers.
We are testing it.A beta version will come soon.

User avatar
mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Location: Grass Valley, CA

Re: Immediate update of Firefox & Chrome engines needed!

Postby mbrazil » Wed Sep 19, 2012 3:50 am

xiaobing wrote:Anderson is making a downloader that can be used in other browsers.
We are testing it.A beta version will come soon.

I don't see how this relates to the need for the latest versions of the Firefox and Chrome engines to protect against the exploit described.

User avatar
Jasmine
Support Staff
Support Staff
Posts: 3118
Joined: Mon Dec 11, 2006 2:10 am
Windows Version: windows sp3 2003 vista win7
Avant Version: Latest release
IE Version: IE9 8 7
Location: Beijing China
Contact:

Re: Immediate update of Firefox & Chrome engines needed!

Postby Jasmine » Wed Sep 19, 2012 4:12 am

Hi Mike,
Have both chrome and firefox declared that their upgrades relate to this vulnerability? This article seems to lag behind the release of firefox 15.0.1 a dozen of days.
Image
Please provide the following information before reporting problems:
Avant Version; System(also point out it is a 32 or 64-bit OS);IE; Memory Size; CPU Speed;
Optional: Firewall; Graphics Card

For the problems hard to replay, could you add me into your MSN or Skype list if you use either of them? The advantage is that you can let us know the situation in the first place by making some screenshots, sharing your screen or explaining the specific problems more clearly when they happen.
E-mail: Jasmine#avantbrowser.com(please repalce # with @)
MSN: dishmoon#msn.com
Skype: JasmineThunder

User avatar
mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Location: Grass Valley, CA

Re: Immediate update of Firefox & Chrome engines needed!

Postby mbrazil » Wed Sep 19, 2012 5:17 am

Jasmine wrote:Hi Mike,
Have both chrome and firefox declared that their upgrades relate to this vulnerability? This article seems to lag behind the release of firefox 15.0.1 a dozen of days.

There doesn't appear to be any information on either Mozilla.org or Google.com regarding the exploit or updates to mitigate it. None of the reporting I've found mentions which versions of the engines contain changes that prevent the exploit.

From Wikipedia:

As of September 2012, the CRIME exploit has been mitigated by the latest versions of the Chrome and Firefox web browsers, and Microsoft has confirmed that their Internet Explorer browser was not vulnerable to the exploit.[1] Some websites have applied countermeasures at their end.[6]

http://tinyurl.com/9x2dehe

From The Register:

The researchers worked with Mozilla and Google to ensure that both Firefox and Chrome are protected.

http://tinyurl.com/9pfhauf

bksening
Fan
Fan
Posts: 189
Joined: Thu Oct 02, 2008 4:14 pm
Windows Version: XP SP3
Avant Version: 2010 build1
IE Version: 8.0

Re: Immediate update of Firefox & Chrome engines needed!

Postby bksening » Sat Sep 22, 2012 5:06 pm

Both Chrome and Firefox, which use SPDY compression, where notified beforehand and fixed the security problem before the details of the CRIME exploit were publicly presented.

This is already fixed in current versions of Chrome 21 and Firefox 15. Just need to update to these versions of the engines.

For details, see Adam Langley's blog (Google security researcher and developer):
http://www.imperialviolet.org/2012/09/21/crime.html

User avatar
mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Location: Grass Valley, CA

Re: Immediate update of Firefox & Chrome engines needed!

Postby mbrazil » Sun Sep 23, 2012 12:49 am

bksening wrote:Both Chrome and Firefox, which use SPDY compression, where notified beforehand and fixed the security problem before the details of the CRIME exploit were publicly presented.

This is already fixed in current versions of Chrome 21 and Firefox 15. Just need to update to these versions of the engines.

For details, see Adam Langley's blog (Google security researcher and developer):
http://www.imperialviolet.org/2012/09/21/crime.html

The problem is, users of Avant cannot update to newer versions of the engines. These updates have to be provided in an update to Avant.

User avatar
Jasmine
Support Staff
Support Staff
Posts: 3118
Joined: Mon Dec 11, 2006 2:10 am
Windows Version: windows sp3 2003 vista win7
Avant Version: Latest release
IE Version: IE9 8 7
Location: Beijing China
Contact:

Re: Immediate update of Firefox & Chrome engines needed!

Postby Jasmine » Mon Sep 24, 2012 3:31 am

The upgrade is coming soon.
Image
Please provide the following information before reporting problems:
Avant Version; System(also point out it is a 32 or 64-bit OS);IE; Memory Size; CPU Speed;
Optional: Firewall; Graphics Card

For the problems hard to replay, could you add me into your MSN or Skype list if you use either of them? The advantage is that you can let us know the situation in the first place by making some screenshots, sharing your screen or explaining the specific problems more clearly when they happen.
E-mail: Jasmine#avantbrowser.com(please repalce # with @)
MSN: dishmoon#msn.com
Skype: JasmineThunder

User avatar
mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Location: Grass Valley, CA

Re: Immediate update of Firefox & Chrome engines needed!

Postby mbrazil » Mon Sep 24, 2012 4:03 am

Jasmine wrote:The upgrade is coming soon.

Thanks, Jasmine.


Return to “Avant Browser Requests”

Who is online

Users browsing this forum: No registered users