Critical flaw in FireFox = affects IceDragon?

Hi guys,

The latest edition of the UK computer magazine Computer Active reports on a critical flaw in FireFox which could expose users to a man-in-the-middle attack. This flaw allows criminals to create fraudulent sites that masquerade as legitimate businesses and banks (complete with https:// and a padlock icon).

Mozilla are aware of this flaw and have patched it in FireFox 32.0.3.

But IceDragon is based on Firefox 26.0.

Is IceDragon then at risk of this attack?


Since IceDragon is based on an older code base I would it expect it to be vulnerable.

Do you have a link to the article?

I’m afraid the magazine is either subscribe online or buy from the shop, so I can’t give you a link. But the article, apart from what I’ve told you, also tells you how to update FF to version 32.0.3 to get around this flaw.

Amongst others this link should suffice.

Thanks. I’ve now added the FF SSL3 fix to my CID.

Huh? How did you add a FF fox to CID?

I installed the FF add-on that fixes this problem (or is supposed to).

It’s called SSL Version Control 0.2. It was last updated today.


It raises the question as to why Comodo, a reputable security company, make a secure browser which they apparently do not keep secure?! We appear to be putting our trust in IceDradon and yet it is only occasionally updated with security fixes :-\

I stopped trusting their browser some months ago because of this.

Captainsticks made a sticky topic on how to protect against the Poodle vulnerability: Disable SSL 3.0 to be immune from the POODLE attack. CID.. That way you will be safe.

Kudos to him, but there are still vulnerabilities in Gecko 26/Chromium 36 that have been fixed in new versions.

Comodo has been hiring new people for the development of the Comodo browsers. Expect a new release of Dragon relatively soon and for IceDragon we will have to wait a bit more.

Yeah, I know, but what worries me is the not so near future.