Immediate update of Firefox & Chrome engines needed!

Post by mbrazil » Tue Sep 18, 2012 5:27 am

http://tinyurl.com/8kn2wuz

Last week researchers unveiled a new exploit that allows the hijacking of HTTPS connections, the type of connections the world relies on for secure data transfer over the Internet.

Dubbed CRIME (Compression Ratio Info-leak Made Easy), the hack exploits vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols when a website uses either Deflate or SPDY, two compression techniques used to reduce server load when using HTTPS. This means not all HTTPS connections can be broken, but connections made with websites that utilize Deflate or SPDY are vulnerable... websites like Gmail, Twitter, and Dropbox. It also means that not all browsers are equal; browsers need to specifically support Deflate or SPDY for the techniques to be used because without browser support, an HTTPS connection to a website cannot use Deflate or SPDY.

Chrome and Firefox used to be susceptible to the CRIME exploit, but both Google and Mozilla quickly issued patches prior to CRIME going public, as the researchers notified them ahead of time. That means you should upgrade Firefox to the latest version. :shock: Internet Explorer was never vulnerable to CRIME because it never supported Deflate or SPDY.
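As an added example (not part of the original post and not Avant Browser code): a check for the TLS-level half of the condition described above, reading which compression method a server selected in its ServerHello. The function names and the sample record are constructed for illustration; SPDY header compression is negotiated separately and is not covered here.

```python
import struct

# Compression method IDs from the TLS registry (RFC 3749 assigns DEFLATE = 1).
COMPRESSION_NAMES = {0: "null", 1: "DEFLATE"}


def server_hello_compression(record: bytes) -> str:
    """Return the compression method selected in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated handshake record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ServerHello")
    # Fixed part: version (2) + random (32), then a length-prefixed session id.
    pos = 2 + 32
    if len(hello) < pos + 1:
        raise ValueError("ServerHello too short")
    pos += 1 + hello[pos]
    # Next come the cipher suite (2 bytes) and the compression method (1 byte).
    if len(hello) < pos + 3:
        raise ValueError("ServerHello too short")
    method = hello[pos + 2]
    return COMPRESSION_NAMES.get(method, f"unknown({method})")


def tls_compression_negotiated(record: bytes) -> bool:
    """True when the server agreed to compress at the TLS layer."""
    return server_hello_compression(record) != "null"


def build_sample_hello(method: int) -> bytes:
    """Constructed sample: TLS 1.0 ServerHello, zero random, empty session id."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + bytes([method])
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for m in (0, 1):
        print(m, server_hello_compression(build_sample_hello(m)))
```

A result of "null" means the connection is not compressed at the TLS layer, which is the state the patched browsers enforce by no longer offering DEFLATE.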

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #1 by xiaobing » Wed Sep 19, 2012 1:46 am

Anderson is making a downloader that can be used in other browsers.
We are testing it. A beta version will come soon.

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #2 by mbrazil » Wed Sep 19, 2012 3:50 am

xiaobing wrote: Anderson is making a downloader that can be used in other browsers.
We are testing it. A beta version will come soon.

I don't see how this relates to the need for the latest versions of the Firefox and Chrome engines to protect against the exploit described.

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #3 by Jasmine » Wed Sep 19, 2012 4:12 am

Hi Mike,
Have both Chrome and Firefox declared that their upgrades relate to this vulnerability? This article seems to lag a dozen days behind the release of Firefox 15.0.1.

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #4 by mbrazil » Wed Sep 19, 2012 5:17 am

Jasmine wrote: Hi Mike,
Have both Chrome and Firefox declared that their upgrades relate to this vulnerability? This article seems to lag a dozen days behind the release of Firefox 15.0.1.

There doesn't appear to be any information on either Mozilla.org or Google.com regarding the exploit or updates to mitigate it. None of the reporting I've found mentions which versions of the engines contain changes that prevent the exploit.

From Wikipedia:

As of September 2012, the CRIME exploit has been mitigated by the latest versions of the Chrome and Firefox web browsers, and Microsoft has confirmed that their Internet Explorer browser was not vulnerable to the exploit.[1] Some websites have applied countermeasures at their end.[6]

http://tinyurl.com/9x2dehe

From The Register:

The researchers worked with Mozilla and Google to ensure that both Firefox and Chrome are protected.

http://tinyurl.com/9pfhauf

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #5 by bksening » Sat Sep 22, 2012 5:06 pm

Both Chrome and Firefox, which use SPDY compression, were notified beforehand and fixed the security problem before the details of the CRIME exploit were publicly presented.

This is already fixed in current versions of Chrome 21 and Firefox 15. Just need to update to these versions of the engines.

For details, see Adam Langley's blog (Google security researcher and developer):
http://www.imperialviolet.org/2012/09/21/crime.html

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #6 by mbrazil » Sun Sep 23, 2012 12:49 am

bksening wrote: Both Chrome and Firefox, which use SPDY compression, were notified beforehand and fixed the security problem before the details of the CRIME exploit were publicly presented.

This is already fixed in current versions of Chrome 21 and Firefox 15. Just need to update to these versions of the engines.

For details, see Adam Langley's blog (Google security researcher and developer):
http://www.imperialviolet.org/2012/09/21/crime.html

The problem is, users of Avant cannot update to newer versions of the engines. These updates have to be provided in an update to Avant.

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #7 by Jasmine » Mon Sep 24, 2012 3:31 am

The upgrade is coming soon.

Re: Immediate update of Firefox & Chrome engines needed!

Post Reply #8 by mbrazil » Mon Sep 24, 2012 4:03 am

Jasmine wrote: The upgrade is coming soon.

Thanks, Jasmine.