
By Dawn Kawamoto, News.com
Posted on ZDNet News: May 9, 2005 3:14:00 PM

Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them.

The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday.



The two vulnerabilities, when combined, can be exploited, but no known cases have yet emerged where an attacker took advantage of the public exploit code.

One flaw involves "IFRAME" JavaScript URLs, which are not properly protected from being executed in the context of another URL in the history list.

"If you visit a malicious Web site, it can steal cookie information from other Web sites you had previously visited," said Thomas Kristensen, Secunia's chief technology officer. The attacker could then use that information to engage in identity theft or gain access to other password-protected sites that the victim visited.

A second vulnerability exists in the IconURL parameter in InstallTrigger.install(). Information passed to this parameter is not properly verified before it's used, which could allow an attacker to gain and escalate user privileges on a system.

People who want new extensions or themes need to go to the Mozilla update service. These extensions and themes will need to be manually installed.

Since the vulnerabilities were discovered over the weekend, the Mozilla Foundation, which owns Firefox, has taken preventive measures.

Mozilla has changed its update Web service and advises people to temporarily disable JavaScript.

However, people who download and install the Mozilla software from third-party sites are still at risk, Kristensen said.

"The threat still exists but is less critical now," he noted. "People can go to third-party sites to install the software, but it's not going to happen on as wide a scale as it had with the Mozilla sites."

  • Talkback
  • Most Recent of 445 Talkback(s)
Lock IE
Give IE lock a try. I think it will do what you want.

http://www.simpliciti.biz/ielock.htm...
Posted by: dhc12 Posted on: 07/06/05