Firefox still vulnerable to protocol-handling bug attacks

By on September 5, 2007, 10:42 AM
Despite being patched twice in July, two security researchers warn that there's another way attackers could exploit Firefox protocol-handling bugs to push malicious code onto targeted machines via the users' browsers.

Researchers Billy Rios and Nate McFeters, who first warned about the multi-browser URI protocol handling flaw back in July, said:

"Although the conditions which allowed for remote command execution in Firefox 2.0.0.5 have been addressed with a security patch, the underlying file type handling issues which are truly the heart of the issue have not been addressed."
Rios and McFeters said they've contacted the Mozilla security team and that they are working on plugging the hole. For now, the researchers will refrain from giving technical details of how an attacker could exploit the new-found URI flaws.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.