New Firefox Vulnerability )c:=

    Date: 09/09/05 (Mozilla)    Keywords: security, web

    It seems that a new critical security vulnerability has been found in Firefox, unfortunately the day after 1.5 Beta 1 was released. It seems to affect all current versions (including 1.5 Beta 1), and can be used for arbitrary code execution and/or to compromise a user's system. The vulnerability has to do with a malformed URL, so the way to mitigate the problem is to not follow links to or from untrusted website. It sounds like disabling IDN support may mitigate it too, but I have no confirmation on that. Hopefully this will be patched quickly...I'll edit this post and/or post again once I hear of a patch becoming available.

    Note that there are currently no known exploits for this vulnerability, so just exercise caution when following links.

    For more information, see today's diary at the Internet Storm Center, or the Secunia advisory.

    X-posted to '[info]'firefoxusers.

    Source: http://www.livejournal.com/community/mozilla/316744.html

« Thoughts about Firefox and... || A desperate query... »
Search  •  Site Map  •  Set as Homepage  •  Add to Favourites  • 
antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home