Critical Firefox security hole
p2pnet news | security:- A critical security flaw which could be used by hackers has been found in Firefox, says Wired.
Discovered by Thor Larholm, the danger, “lies within the browser’s ‘firefoxurl://’ handler,” says the story, going on.
In this particular exploit, a user would have to be persuaded to click on a link containing that handler with Internet Explorer.
If they also have Firefox installed, the website owner could force Firefox to run malicious code without any sort of cross-application validation.
Larholm says it’s the same type of input validation vulnerability he discovered in the Safari 3 beta.
The vulnerability has been confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2, says Wired.
Also See:
Wired – New Security Flaw Discovered in Mozilla Firefox, July 10, 2007
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
July 10th, 2007 at 3:53 pm
So the precondition is that your are using internet explorer? Well, that rules out everyone using GNU / Linux, and alot of other operating systems. Not to mention that xp runs as administrator by default, which means the code will have admin permissions. Again, a flaw which relies solely on a windows OS, no surprise there.
July 10th, 2007 at 9:48 pm
I don’t fully understand it I guess. It seems, while it is something that firefox can patch, the problem does indeed lie in the way that IE does not validate any such commands.
July 11th, 2007 at 2:26 am
how to remove 90% of security risks: get LINUX or freeBSD
i wold recommend Ubuntu for any windows user who wants to try a free operating system.
LINUX had many of the new features in vista such as instant search years ago.