Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mozilla Firefox - Two Vulnerabilities


  • Please log in to reply
3 replies to this topic

#1 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:19 PM

Posted 08 May 2005 - 07:35 PM

"Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people
to conduct cross-site scripting attacks and compromise a user's system."


Vulnerability: Extremely Critical

NOTE: Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.

Solution: Disable JavaScript.

Full details at Secunia dot com
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:01:19 PM

Posted 09 May 2005 - 01:21 PM

From Mozillazine:


The Secunia advisory suggests disabling JavaScript as a workaround; however, simply disabling software installation (Web Features panel of the Options/Preferences window in Firefox 1.0.3 . . . eliminates the problem. We understand that a change made to Mozilla Update has made the vulnerability effectively unexploitable if you only have update.mozilla.org and addons.mozilla.org in your software installation whitelist (accessible from the Web Features or Content panel in the Options/Preferences window), which is the default setting.



http://www.mozillazine.org/talkback.html?article=6582


Regards,
John

Edited by jgweed, 09 May 2005 - 01:22 PM.

Whereof one cannot speak, thereof one should be silent.

#3 Supermart57

Supermart57

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 09 May 2005 - 01:36 PM

One or two sites have managed to drop pop-under windows behind my Firefox browser. They don't appear to have any OK or Cancel buttons but are there when I close the browser window.

Is this normal? I have both software and hardware firewalls running so how do they get by?
I'd like to die peacefully in my sleep like my grandfather, not screaming in terror like his passengers

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:01:19 PM

Posted 12 May 2005 - 11:49 AM

These vulnerabilities have been fixed in Release 1.4, made available today.
Regards,
John
Whereof one cannot speak, thereof one should be silent.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users