Avant Browser

Avant Browser community forum
It is currently Thu Oct 23, 2014 8:35 pm

All times are UTC




Post new topic Reply to topic  [ 9 posts ] 
Author Message
Poston: Tue Sep 18, 2012 5:27 am 
Offline
AvantGuard
AvantGuard
Avantic Elite
User avatar

Joined: Tue Jul 26, 2005 10:04 pm
Posts: 1965
Location: Grass Valley, CA
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
http://tinyurl.com/8kn2wuz

Last week researchers unveiled a new exploit that allows the hijacking of HTTPS connections, the type of connections the world relies on for secure data transfer over the Internet.

Dubbed CRIME (Compression Ratio Info-leak Made Easy), the hack exploits vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols when a website uses either Deflate or SPDY, two compression techniques used to reduce server load when using HTTPS. This means not all HTTPS connections can be broken, but connections made with websites that utilize Deflate or SPDY are vulnerable... websites like Gmail, Twitter, and Dropbox. It also means that not all browsers are equal; browsers need to specifically support Deflate or SPDY for the techniques to be used because without browser support, an HTTPS connection to a website cannot use Deflate or SPDY.

Chrome and Firefox used to be susceptible to the CRIME exploit, but both Google and Mozilla quickly issued patches prior to CRIME going public, as the researchers notified them ahead of time. That means you should upgrade Firefox to the latest version. :shock: Internet Explorer was never vulnerable to CRIME because it never supported Deflate or SPDY.


Top
 Profile  
 
Post Reply #1 on: Wed Sep 19, 2012 1:46 am 
Offline
Support Staff
Support Staff
Avant Guru
User avatar

Joined: Wed Apr 22, 2009 1:52 am
Posts: 3872
Windows Version: xp/win7 64/win8
Avant Version: latest version
Default engine: firefox/chrome/IE
IE Version: 8/9/10
Skin: aero glass/opal glas
Anderson is making a downloader that can be used in other browsers.
We are testing it.A beta version will come soon.


Top
 Profile  
 
Post Reply #2 on: Wed Sep 19, 2012 3:50 am 
Offline
AvantGuard
AvantGuard
Avantic Elite
User avatar

Joined: Tue Jul 26, 2005 10:04 pm
Posts: 1965
Location: Grass Valley, CA
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
xiaobing wrote:
Anderson is making a downloader that can be used in other browsers.
We are testing it.A beta version will come soon.

I don't see how this relates to the need for the latest versions of the Firefox and Chrome engines to protect against the exploit described.


Top
 Profile  
 
Post Reply #3 on: Wed Sep 19, 2012 4:12 am 
Offline
Support Staff
Support Staff
Avant Guru
User avatar

Joined: Mon Dec 11, 2006 2:10 am
Posts: 3118
Location: Beijing China
Windows Version: windows sp3 2003 vista win7
Avant Version: Latest release
IE Version: IE9 8 7
Hi Mike,
Have both chrome and firefox declared that their upgrades relate to this vulnerability? This article seems to lag behind the release of firefox 15.0.1 a dozen of days.

_________________
Image
Please provide the following information before reporting problems:
Avant Version; System(also point out it is a 32 or 64-bit OS);IE; Memory Size; CPU Speed;
Optional: Firewall; Graphics Card

For the problems hard to replay, could you add me into your MSN or Skype list if you use either of them? The advantage is that you can let us know the situation in the first place by making some screenshots, sharing your screen or explaining the specific problems more clearly when they happen.
E-mail: Jasmine#avantbrowser.com(please repalce # with @)
MSN: dishmoon#msn.com
Skype: JasmineThunder


Top
 Profile  
 
Post Reply #4 on: Wed Sep 19, 2012 5:17 am 
Offline
AvantGuard
AvantGuard
Avantic Elite
User avatar

Joined: Tue Jul 26, 2005 10:04 pm
Posts: 1965
Location: Grass Valley, CA
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Jasmine wrote:
Hi Mike,
Have both chrome and firefox declared that their upgrades relate to this vulnerability? This article seems to lag behind the release of firefox 15.0.1 a dozen of days.

There doesn't appear to be any information on either Mozilla.org or Google.com regarding the exploit or updates to mitigate it. None of the reporting I've found mentions which versions of the engines contain changes that prevent the exploit.

From Wikipedia:

As of September 2012, the CRIME exploit has been mitigated by the latest versions of the Chrome and Firefox web browsers, and Microsoft has confirmed that their Internet Explorer browser was not vulnerable to the exploit.[1] Some websites have applied countermeasures at their end.[6]

http://tinyurl.com/9x2dehe

From The Register:

The researchers worked with Mozilla and Google to ensure that both Firefox and Chrome are protected.

http://tinyurl.com/9pfhauf


Top
 Profile  
 
Post Reply #5 on: Sat Sep 22, 2012 5:06 pm 
Offline
Fan
Fan

Joined: Thu Oct 02, 2008 4:14 pm
Posts: 189
Windows Version: XP SP3
Avant Version: 2010 build1
IE Version: 8.0
Both Chrome and Firefox, which use SPDY compression, where notified beforehand and fixed the security problem before the details of the CRIME exploit were publicly presented.

This is already fixed in current versions of Chrome 21 and Firefox 15. Just need to update to these versions of the engines.

For details, see Adam Langley's blog (Google security researcher and developer):
http://www.imperialviolet.org/2012/09/21/crime.html


Top
 Profile  
 
Post Reply #6 on: Sun Sep 23, 2012 12:49 am 
Offline
AvantGuard
AvantGuard
Avantic Elite
User avatar

Joined: Tue Jul 26, 2005 10:04 pm
Posts: 1965
Location: Grass Valley, CA
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
bksening wrote:
Both Chrome and Firefox, which use SPDY compression, where notified beforehand and fixed the security problem before the details of the CRIME exploit were publicly presented.

This is already fixed in current versions of Chrome 21 and Firefox 15. Just need to update to these versions of the engines.

For details, see Adam Langley's blog (Google security researcher and developer):
http://www.imperialviolet.org/2012/09/21/crime.html

The problem is, users of Avant cannot update to newer versions of the engines. These updates have to be provided in an update to Avant.


Top
 Profile  
 
Post Reply #7 on: Mon Sep 24, 2012 3:31 am 
Offline
Support Staff
Support Staff
Avant Guru
User avatar

Joined: Mon Dec 11, 2006 2:10 am
Posts: 3118
Location: Beijing China
Windows Version: windows sp3 2003 vista win7
Avant Version: Latest release
IE Version: IE9 8 7
The upgrade is coming soon.

_________________
Image
Please provide the following information before reporting problems:
Avant Version; System(also point out it is a 32 or 64-bit OS);IE; Memory Size; CPU Speed;
Optional: Firewall; Graphics Card

For the problems hard to replay, could you add me into your MSN or Skype list if you use either of them? The advantage is that you can let us know the situation in the first place by making some screenshots, sharing your screen or explaining the specific problems more clearly when they happen.
E-mail: Jasmine#avantbrowser.com(please repalce # with @)
MSN: dishmoon#msn.com
Skype: JasmineThunder


Top
 Profile  
 
Post Reply #8 on: Mon Sep 24, 2012 4:03 am 
Offline
AvantGuard
AvantGuard
Avantic Elite
User avatar

Joined: Tue Jul 26, 2005 10:04 pm
Posts: 1965
Location: Grass Valley, CA
Windows Version: XP Pro SP3 x86 + all updates
Avant Version: 2013 Ultimate Build 23 & Build 115 (USB)
Default engine: Gecko (Firefox)
IE Version: IE8 + all patches and updates
Skin: Monai XP
Jasmine wrote:
The upgrade is coming soon.

Thanks, Jasmine.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Group