Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

Two exploitable Firefox holes

p2pnet.net News:- Two extremely critical security holes that could be exploited by hackers have been discovered in Firefox.

When combined, the vulnerabilities could allow someone to conduct cross-site scripting attacks and compromise a user’s system, says Secunia.

Exploits are publicly available but, “There are currently no known active exploits of these vulnerabilities although a ‘proof of concept’ has been reported,” says Mozilla, going on:

“Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit.”

Secunia points out that a temporary solution stops the publicly available exploit code, which uses a combination of vulnerabilities 1 and 2, from executing arbitrary code in the default settings of Firefox.

The solution has been added to the sites “update.mozilla.org” and “addons.mozilla.org” where requests are redirected to “do-not-add.mozilla.org”. You’re also advised to temporarily disable JavaScript.


See:-
Secunia: Mozilla Firefox Two Vulnerabilities, May 9, 2005
Mozilla: Security Advisory, May 8, 2005



3 Responses to “Two exploitable Firefox holes”

  1. Reader's Write Says:

    The latest exploits to surface for firefox are merely a fly in the ointment as far as I can see. Until a patch comes out, it’s simply a matter of disabling javascript… Exploit closed.

    Meanwhile, in the dark, damp, dungeonesque dwelling of IE there are, at present, at least 24 unpatched vulnerabilities, some that have been unpatched since 2003! One is even able to directly cause a Denial of Service (DoS) attack.

    Out of 80 vulnerabilities discovered in the last 2 years in IE, only 55% have been completely patched. A very poor security record if you ask me.

    Compare this with the 16 vulnerabilities discovered in Firefox within the same time period (I know it’s not really been out for two years but blame the Secunia statisticians, not me ;) ). Of the 16 discovered security holes, only 5 remain unpatched, and only 1 or 2 are critical (being that you need to use these two latest vuln’s to have serious malicious capabilities, I wasn’t sure if they counted as one or two).

    All in all, Firefox still has a lot more going for it than IE. Now that it’s passed the 50 million download mark, maybe more crackers will have a go at attacking the little red panda and more, serious holes will appear. This remains to be seen. However, the flip-side of this is that as more average users migrate to Firefox, more experienced programmers and budding amateurs alike will swarm all over the open source engine and pitch in to help patch the holes as they appear. Kind of like a team of little Dutch cyber-boys sticking their fingers into the cyber-dam of Firefox security… Yes, yes, I know that’s a very stretched analogy but hey, I’m tired. lol

  2. Reader's Write Says:

    I think Firefox might be good but I still like Maxthon. Oh well, bugs are fixed etc. and there’s no stopping scripts from installing viruses and all, so yeah... Well, OK.

  3. Reader's Write Says:

    Following quote direct from Maxthon Homepage:

    “Maxthon Internet Browser software is a powerful tabbed browser with a highly customizable interface. It is based on the Internet Explorer browser engine (your most likely current web browser) which means that what works in the IE browser will work the same in Maxthon tabbed browser but with many additional efficient features like…”

    … all those nasty security holes that make hacking IE so easy. I’m even tempted to learn how to manipulate one or two of them to mess with my mates! *cue evil laugh*

    I do try my utmost to educate friends and relatives on best practices and safe browsing. They usually just smile, nod understandingly and then completely ignore my advice. So now it’s time to teach by example. Maybe I’ll find that daft wee joke program which pretends to delete the entire contents of your c: drive and plant it on their system with a filename like iexplore.exe. Or maybe just change their wallpaper every couple of hours, I dunno but it’s surely tempting!!

    Seriously though, you may enjoy using Maxthon but you’re really no better off than IE users, oh sorry wait, there’s an ad-blocker… That must be useful considering you’re still using IE! And that external utility bar sounds like trouble to me, how difficult would it be to hide a keylogger in there by using an icon with 0 by 0 dimensions? Maybe not possible to do from a remote location but if someone was able to use another exploit which gave them admin privileges on the host then it would be child’s play as Maxthon would assume that it was the local user making the changes… That’s my two pennies’ worth anyway.
