also @ TechSpot: Rumor: AMD "Piledriver" FX CPU production to begin Q3 2012

Extremely critical Firefox flaws

By

On May 9, 2005, 2:05 PM EST

Proving that its not just IE that holds the monopoly in serious security problems, two new vulnerabilities in Mozilla's Firefox Web browser have been rated "extremely critical." Seemingly, the vulnerabilities have the potential to allow an attacker to take control of a PC simply by getting a user to visit a malicious Web site.

Because proof-of-concept code has been leaked -- as were the vulnerabilities -- before a patch was ready, Mozilla recommended that Firefox users either disable JavaScript or lock down the browser so it doesn't install additional software, such as extensions or themes, from Web sites.

The vulnerabilities were discovered by a pair of security researchers, who had notified Mozilla earlier in the month, but were keeping mum until a patch was written. However, details of the vulnerabilities were leaked by someone close to one of the researchers.

It appears that it is possible to trick the browser into thinking a download is coming from one of the by-default sites permitted to install software automatically: addons.mozilla.org or update.mozilla.org. Changes have been made to the Mozilla update site to try to minimise any potential for damage, however the problem will not be fixed properly until we are given Firefox 1.0.4.

Related Stories

No tags on this story

4 comments

User Comments (4)

Post a comment
smtkr
on May 9, 2005
8:37 PM 		How to run malicious code in Linux:1. Log in as root2. Run malicious script.I still feel very safe.

Reply

phantasm66
on May 10, 2005
3:14 AM 		Erm, this news post is about Firefox, and a flaw in that.

Reply

Mictlantecuhtli
on May 10, 2005
6:14 AM 		I enable "Allow web sites to install software" only when I'm going to install an extension or a plugin, and disable it after installation. Isn't that just common sense?

Reply

phantasm66
on May 10, 2005
9:37 AM 		Yes, but 99.9% of people in the world now who are using the internet don't have common sense. Probably about 40% of them are even pleased to have been able to switch the computer on, find the internet browser and navigate to the page. You are thinking like a computer enthusiast / expert not a member of the public, who like it or lump it use computers and the net all the time now.

Reply

Browse more commented news

Post a new comment

Guest user

To post as an anonymous
user click here.

Members

If you are a TechSpot member,
please login first.


By signing up you gain complete access to the TechSpot community. Join thousands of computer and technology enthusiasts that contribute and share knowledge in our forum. Post messages, get a private inbox, upload your own photo gallery and more.

Most Popular

Trending Featured
More Trending Topics

Editors' Storage Picks

Downloads & Drivers

Downloads   Drivers  

GMABooster 2.1a

HaoZip 2.8

Defraggler 2.10.413

The Cleaner 2012 8.1.0.1110

WinISO 6.2.0.4526

More Downloads

Related Discussion

Compaq Presario CQ61 screen LCD cable change but not working

Laptop screen messed up

Reclaim D partition?

Are these computer parts compatible

RAID drives into new system?

More at the Forums

Subscribe to TechSpot

Get free exclusive content, learn about new features and tech breaking news.