It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

SCI/TECH: Two Serious Security Holes Found in Firefox

page: 1
0

log in

join
share:

posted on May, 8 2005 @ 02:45 PM
link   
Two extremely critical security flaws have been found in Firefox 1.0.3. The security holes allow the malicious to conduct cross-scripting attacks. The holes remain unpatched.
 



www.theinquirer.net
DANISH PROBLEM watcher Secunia said that two "extremely critical" security problems have been discovered in ever-more popular browser, Firefox.

According to Secunia, these involve cross scripting attacks involving IFRAME Javascript URLs and input passed to the IconURL parameter.

The holes have been confirmed in version 1.0.3, and exploit code is publicly available, said Secunia in it's note here.



Please visit the link provided for the complete story.


Even as Firefox becomes ever more popular, the browser's flaws continue to be found. Certainly, there are no perfect browsers, or any software, it seems, that cannot be exploited by the malicious. May this serve as a heads-up to those who use this browser. This is the most critical security flaw found in Firefox, to date. There are currently five unpatched Firefox security flaws.

[edit on 05/5/8 by GradyPhilpott]




posted on May, 8 2005 @ 02:49 PM
link   
Thankfully, there are far fewer than IE. I think I got nailed by this, which is unfortunate, but one problem compared to 50,000 is always better in my book!



posted on May, 8 2005 @ 10:47 PM
link   
What is capable in cross-scripting attacks, and how can you tell if it happened? I read a little on it and all I seen was they can steal cookies. Being as the call it an extremely critical hole, I'd imagine there is worse.



posted on May, 8 2005 @ 10:51 PM
link   

Originally posted by junglejake
Thankfully, there are far fewer than IE. I think I got nailed by this, which is unfortunate, but one problem compared to 50,000 is always better in my book!


ie has been out for a long time and thats why there alot of flaws for it firefox will have more flaws just time will tell when they will be found.



posted on May, 8 2005 @ 10:53 PM
link   
Perhaps this link will explain more:

secunia.com...



posted on May, 8 2005 @ 11:02 PM
link   
Ok that has to be one of the worst descriptions I have ever seen. I have been a developer for years and I read that and think WTF. The description strikes me as all doubletalk.



posted on May, 8 2005 @ 11:06 PM
link   
This comes from Firefox and is written more in English.

"On a specially crafted page, the attacker first uses frames and a JavaScript history flaw to make it appear that a software installation is being triggered from addons.update.mozilla.org, one of the few sites allowed to install software by default. With this hurdle out of the way, the attacker can attempt to do some real damage. One of the parameters passed to the software installation method is an icon URL, which can be a piece of JavaScript code. As this JavaScript is executed from the chrome (the browser user interface rather than a Web page), it has 'full chrome privileges' and can do anything that the user running Firefox can. The attacker can therefore pass in some malicious JavaScript and run arbitrary code on the victim's system.

The vulnerability requires the attacker to trigger an install that appears to come from a whitelisted site. Fortunately, the Mozilla Foundation controls all of the sites in the default software installation whitelist, which has allowed them to take some preventative action by placing more checks in the server-side Mozilla Update code and moving the update site to another domain. We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk."

Source: www.mozillazine.org...



posted on May, 8 2005 @ 11:46 PM
link   
If I read correctly, a fix would be to go to "Tools" then "Options" then "Web Features" and unclick the "Allow websites to install software"?



posted on May, 9 2005 @ 12:08 AM
link   
Speaking of security, I thought I had up to date software but just clicked on Tools, options, advanced, and checked for software updates. Now my net connection is suddenly a whole lot faster. Makes me wonder why it was quite a bit slower before using Firefox.



posted on May, 9 2005 @ 12:12 AM
link   
my firefox crashed today, lost all my saved data on it, it's the 3rd or 5th time it's happend well, after the second time I keep my IE as a backup and only used mozilla for certain sites (ATS being one of them), but my brother and the others in my house still used mostly firefox and lost most of their data, ah well........




top topics



 
0

log in

join