BleepingComputer.com: How do client and server side scripting infect a computer

Does anyone know how do viruses infect one system via a client and server script side of things using Firefox as opposed to IE ? Is it a buffer overflow or some inherent feature of firefox which allows a system to become infected ? All this without downloading a file or opening an attachment ?

Thanks in advance.

Perhaps if you rephrased the question while conforming to the English rules of syntax you'll get an answer.

Sorry for my confusing sounding post.

But all i would like to find out is how can someone get infected with any type of virus with just surfing the internet. I would like to know how does one get infected using Firefox rather then IE. I would like a detail answer if possible.

Hope the above explanation helps.

Victor

If you exclude add-ons, plugins, userscripts in Greasemoney (check their forum for cookies stealing login) then I dont think you will find any code/link infecting system through Firefox just by surfing. You want a link to a so called drive-by doing that without user intervention? Well good luck searching. Firefox cant even run an exe-file without an add-on! Think there will be better luck with IE6 on old XP, preferably unpatched and set up for trouble too.

The security bugs they keep finding and fixing could actually be sort of drive-by. But there is a long way from a crashing Firefox in a lab to real life malware. What many popular tech sites happen to forget, but hysteria also keep developers sharp if not annoyed so may be a good thing. Strange crashes could still be considered security flaws. They dont wait until whatever has been proven to work for real. If you want to see details go to Bugzilla site but they do not disclose the most severe security bugs. Search for "proof of concept" or something. Find out who fix bugs and follow them. Think you will be highly dissapointed if looking for something spectacular. You need a broader definition of "just surfing" or drive-by for results. Add a little clicking from user and there is no end to potential problems. All those fake scanner sites work great on Firefox but has not really much to do with Firefox.