Author |
Topic |
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 09 July 2004 : 00:21:25
|
By Larry Seltzer July 8, 2004
Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the "shell:" scheme, which execute arbitrary code under Windows without the user having to click a link.
Security researchers are reporting another security issue in Web browsing under Windows, but this time Internet Explorer is not the culprit. The Mozilla Foundation's Mozilla and Firefox are reported as vulnerable.
The Mozilla Foundation has confirmed the problem and issued a fix, which is available here.
The reports indicate that links in a Web page using the "shell:" scheme can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows.
This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.
Read More ...
This security flaw affects Mozilla, Firefox and Thunderbird. If anyone is running any of these software, you can find the fix for it here: http://www.mozilla.org/security/shell.html |
Support Snitz Forums
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 10 July 2004 : 06:17:15
|
There was a phishing exploit reported a while back too but seems to have been kept fairly quiet, not sure if it was fixed with the recent releases or not. I found the bulletin about it over at ISC IIRC. |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 11 July 2004 : 23:23:17
|
At least with Internet Explorer the media will alert you about the security updates. |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 12 July 2004 : 01:05:11
|
Thats true, one interesting Mozzila tend to keep things pretty hush if they can, there are more "undocumented" exploits known about Mozilla too I've been hearing lately. |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
Topic |
|