
·
Registered
Joined
·
99 Posts
Discussion Starter · #1 ·
The Register

Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.

One vulnerability enables arbitrary JavaScript code with escalated privileges to be executed via a specially crafted JavaScript URL. Successful exploitation requires that a site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org"). This would normally drastically reduce the scope for mischief - but for a second security bug, involving "IFRAME" JavaScript URLs, which creates a means to execute arbitrary HTML and script code in the context of an arbitrary site.

A combination of the two vulnerabilities can be exploited to execute arbitrary code on vulnerable systems, according to Danish security firm Secunia. Exploit code is publicly available, greatly increasing the chance of attack, it warns.

The vulnerabilities - described by Secunia as "extremely critical" - have been confirmed in version 1.0.3 of Firefox. Other versions may also be affected. Users are advised to disable JavaScript and the software installation option within Firefox pending a more comprehensive fix from the Mozilla Foundation. ®
 

·
I Burnt The Toast!
Joined
·
1,493 Posts
Dahahah...

/me browses on with IE, properly updated..

All kidding aside, it's not going to be all peaches and cream forever. You get big, you get attacked, nuff said.
 

·
Old Man
Joined
·
286 Posts
/me waits for those against FireFox to laugh at the users of FireFox
while
/me waits for those against IE to still brag that FireFox is more secure than IE

In other words, /me waits for the browser war

*sigh*
 

·
Registered
Joined
·
2,583 Posts
mikeshoup said:
/me waits for those against FireFox to laugh at the users of FireFox
while
/me waits for those against IE to still brag that FireFox is more secure than IE

In other words, /me waits for the browser war

*sigh*
stupid fanbois
 

·
Retired
Joined
·
8,882 Posts
This is bound to happen in any large software project. Humans write code like painters without a visual cortex.
 

·
Retired
Joined
·
8,882 Posts
Well, someone has to write the fix ;)
 

·
Moo.
Joined
·
455 Posts
FIREFOX R0xx0rs my B0xx0rs 0MG!!!!!

Just so you know, XSS (Cross-Site Scripting) creates huge holes in any browser as of right now. There is no known way to accurately fix XSS so that it cannot create huge security holes. This applies to IE and FireFox alike.
 

·
Transcended
Joined
·
1,416 Posts
Like Talbain said, XSS is not just a browser-specific problem. The problem is actually inherent in a complicated combination of standards, implementations and the like. It's hardly an earth-shattering issue with what... hundreds of XSS problems reported every so often.

The IFRAME exploit might be important though. Will look into it.
 