Advertisement
Promo

Security threats Toolkit

Exploit published for old Firefox flaw

Joris Evers CNET News

Published: 07 Jul 2005 11:00 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Computer code that could be used to attack systems with older versions of Firefox has been released on the Internet, security experts have warned.

The exploit code takes advantage of a security vulnerability in Firefox 1.0.1 and earlier versions of the open source Web browser, the French Security Incident Response Team (FrSIRT) said in an advisory posted on Wednesday.

The bug exists because of an error in the way the older versions of Firefox handle GIF images. An attacker could gain control of a PC by luring the user to a Web page or sending an email containing a specially crafted image, according to FrSIRT, which rates the issue "critical."

Only Firefox 1.0.1 and earlier are vulnerable. The image-parsing problem was fixed in Firefox 1.0.2, which was released in March. Since then, two more Firefox updates have been released, mostly to address security issues. The most recent version is Firefox 1.0.4, which was released in May.

Because the security bug was quashed more than three months ago, the exploit release is less of a concern, said Michael Sutton, a lab director at security company iDefense. "Given the length of time during which patches have been available, I would consider the release of this exploit to be a credible threat, but not critical," he said.

A representative for the Mozilla Foundation, the maker of Firefox, said most of the browser's users have upgraded to version 1.0.4. Mozilla encourages people to check for updates regularly and update their browser when a new version is available, the representative said.

Since the debut of Firefox 1.0 in November, its usage has grown at a rapid pace. Security has been a main selling point for Firefox over Microsoft's rival Internet Explorer. The number of downloads of the software is close to passing the 70 million mark, according to the download counter Spread Firefox Web site. That total represents downloads of all versions, so it doesn't necessarily represent individual users.

Firefox has demonstrated that the mature Web browser market, dominated by Internet Explorer, can be shaken up. IE has begun to see its market share dip slightly — a first in a number of years. Firefox US usage share reached nearly 7 percent at the end of April, according to tracking company WebSideStory.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
120 out of 234 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters