Announcement

Collapse
No announcement yet.

Firefox is having problems beware......

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Firefox is having problems beware......

    Matthew Broersma, Techworld.com Mon May 9,11:00 AM ET

    Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.
    ADVERTISEMENT
    click here

    The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

    A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

    The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

    In recent months Firefox has gained significant market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser.
    Two Vulnerabilities Found

    The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate vulnerabilities. An attacker could create a malicious page using frames and a JavaScript history flaw to make software installations appear to be coming from a "trusted" site. By default, Firefox allows software installations from update.mozilla.org and addons.mozilla.org, but users can add their own sites to this whitelist.

    The second part of the exploit triggers software installation using an input verification bug in the "IconURL" parameter in the install mechanism. The effect is that a user could click on an icon and trigger the execution of malicious JavaScript code. Because the code is executed from the browser's user interface, it has the same privileges as the user running Firefox, according to researchers.

    Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, users may be vulnerable if they have added other sites to the whitelist, it warned.

    "We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," Mozilla Foundation said in a statement published on Mozillazine.org.
    RED LIGHT UP THAT CIGAR

  • #2
    Since I've been using Firefox (about a year) this is the first critical flaw while Internet Explorer has had dozens. I'll never use IE again. Firefox is a far superior browser.

    Comment


    • #3
      i agree frank...i love me some firefox..but i do gotto agree that once this becomes even more mainstream there will be alot of problems

      Comment


      • #4
        Originally posted by DOGHOODLUM
        i agree frank...i love me some firefox..but i do gotto agree that once this becomes even more mainstream there will be alot of problems
        You might be right. Although, since it is open source it'll never have the amount of problems that IE has.

        Comment


        • #5
          that is true and i sure hope not becaue i love it compared to IE. i was shocked when i first started using it that it blocked every single popup or ad.

          Comment


          • #6
            Firefox now has a 7% share of the browser market. IE is 88% down from 95.5% in less than one year.

            If you haven't done so I recommend all uses start using Firefox. I only use IE for windows updates and a few other secure web pages

            Comment


            • #7
              Frank, thanks to you I have been using firefox for a while just wanted to let you guys know....
              RED LIGHT UP THAT CIGAR

              Comment


              • #8
                Been using Firefox Mozilla for about 8 months now. love it!

                Comment

                Working...
                X