Attack Targets Mozilla Firefox
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
Attack Targets Mozilla Firefox

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Telecom Technology
Author Message
Robert McMillan
Guest
Posted: Wed Dec 14, 2005 11:32 am    Post subject: Attack Targets Mozilla Firefox Reply with quote
Robert McMillan, IDG News ServiceTue Dec 13,10:00 AM ET

Computer users who have not upgraded to the latest version of
Mozilla's Firefox browser may now have an extra incentive to do so,
thanks to a hacker who has posted an exploit.

Exploit Shown

On Sunday, a hacker going by the name of Aviv Raff published sample
code that could be used to take over the computers of Firefox users
running version 1.0.4 or earlier of the browser. The exploit takes
advantage of a known bug in the way Firefox processes the popular
Javascript Web programming language.

"I think it's been enough time for people to upgrade from v1.0.4. of
Firefox. So, here is the PoC [proof of concept] exploit for the...
vulnerability," he wrote on his blog.

The bug was fixed in Mozilla version 1.0.5, which was released during
the summer, and has also been fixed in version 1.7.9 of the Mozilla
Suite, said Mike Schroepfer, vice president of engineering with
Mozilla. "As long as users keep updated to the latest version,
they're, in general, very safe."

Similar to IE Flaw

In some ways, this latest exploit is similar to highly publicized
attack code that has been circulating for the Microsoft Internet
Explorer browser, said Russ Cooper, editor of the NTBugtraq newslist
and a scientist with security vendor Cybertrust.

"It can install and run code of the attacker's choice if a victim
visits a malicious Web site," he said of the IE bug in an interview
via instant message.

Users who are not already in the habit of frequently updating their
browsers should change their ways, because browsers are "historically
broken," Cooper said. "That means they have vulnerabilities
regularly," he added. "You should keep them updated within 30 days of
patches being made available, regardless of what the patch is for."

The IE code, which was published in November, takes advantage of a
Javascript problem that has not yet been patched.

Many security experts expect Microsoft to patch its Javascript bug on
Tuesday, but the Redmond, Washington, software giant has not confirmed
that this will be the case.

Copyright 2005 PC World Communications, Inc.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or) http://telecom-digest.org/chat/index.html
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Telecom Technology All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB