
By Munir Kotadia
Posted on ZDNet News: Apr 18, 2005 3:20:00 PM

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Details of the nine flaws were published on Mozilla's security Web site over the weekend.

Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript.

"There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious things to your computer," Latter said.

Another issue could allow malicious scripts to gain access to random pieces of memory, he said.

"This random memory may or may not contain pieces of information about where you have been browsing. The worst-case scenario is that it could contain some personal or login information," said Latter.

On Monday, security advisory firm Secunia issued a "highly critical" rating on the flaws found in Mozilla Firefox 0.x and 1.x versions. Secunia posted its advisory on eight of the flaws.

According to the French Security Incident Response Team, attackers could run malicious code on a user's system because of a flaw in the Mozilla browser's pop-up blocker.

An advisory from the French group said, "When a pop-up is blocked, the user is given the ability to open that one pop-up ... If the pop-up URL were JavaScript: selecting 'Show JavaScript:...' from the infobar or pop-up blocking status bar icon menus would run the JavaScript with elevated privileges, which could be used to install malicious software."

Another of the Firefox flaws can be exploited when a user visits a Web page that requires a plug-in that has not already been installed. The French advisory claims that if the browser's Plug-in Finder Service is used to automatically locate an appropriate plug-in, the "manual install" function can be used to "launch arbitrary code capable of stealing local data or installing malicious code."

All versions of Mozilla Suite prior to version 1.7.7 and all versions of Firefox prior to 1.0.3 are vulnerable.

Pure Hacking's Latter advises users to either disable JavaScript or download a patched version from Mozilla's Web site.

Munir Kotadia of ZDNet Australia reported from Sydney.
