Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Announcements
 Announcements: Community
 Mozilla Flaw Lets Links Run Arbitrary Programs
 New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 09 July 2004 :  00:21:25  Show Profile
By Larry Seltzer
July 8, 2004

Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the "shell:" scheme, which execute arbitrary code under Windows without the user having to click a link.


Security researchers are reporting another security issue in Web browsing under Windows, but this time Internet Explorer is not the culprit. The Mozilla Foundation's Mozilla and Firefox are reported as vulnerable.

The Mozilla Foundation has confirmed the problem and issued a fix, which is available here.

The reports indicate that links in a Web page using the "shell:" scheme can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows.

This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.

Read More ...


This security flaw affects Mozilla, Firefox and Thunderbird. If anyone is running any of these software, you can find the fix for it here: http://www.mozilla.org/security/shell.html

Support Snitz Forums

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 10 July 2004 :  06:17:15  Show Profile  Visit Gremlin's Homepage
There was a phishing exploit reported a while back too but seems to have been kept fairly quiet, not sure if it was fixed with the recent releases or not. I found the bulletin about it over at ISC IIRC.

Kiwihosting.Net - The Forum Hosting Specialists
Go to Top of Page

Astralis
Senior Member

USA
1218 Posts

Posted - 11 July 2004 :  23:23:17  Show Profile  Send Astralis a Yahoo! Message
At least with Internet Explorer the media will alert you about the security updates.
Go to Top of Page

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 12 July 2004 :  01:05:11  Show Profile  Visit Gremlin's Homepage
Thats true, one interesting Mozzila tend to keep things pretty hush if they can, there are more "undocumented" exploits known about Mozilla too I've been hearing lately.

Kiwihosting.Net - The Forum Hosting Specialists
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.12 seconds. Powered By: Snitz Forums 2000 Version 3.4.07