Advertisement
Promo

Security threats Toolkit

Firefox attack code published

Joris Evers CNET News

Published: 14 Dec 2005 09:20 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

If you haven't updated your Firefox or Mozilla Web browser lately, now might be a good time to do so.

Computer code that demonstrates how a known flaw in an older version of the browsers can be exploited in a potentially crippling attack was published on the Web over the weekend. The vulnerability was fixed in Firefox 1.0.5, released in July, and in Mozilla Suite 1.7.9, according to Mozilla.

The code was published by Aviv Raff, a developer in Israel. "I think it's been enough time for people to upgrade from v1.0.4 of Firefox," he wrote on his blog on Sunday. Raff's code doesn't do much harm, but he notes that it would be easy to turn it into malicious code that commandeers a vulnerable system.

The vulnerability is in the way the Web browsers handle JavaScript, according to a Mozilla alert dated 12 July, the day Firefox 1.0.5 was released. An attacker could craft a malicious Web site that, when accessed by a vulnerable PC, could enable them to run code on that system without the owner realising it.

Mozilla has released several updates to both Firefox and the Mozilla Suite since July. The latest version of Firefox is 1.5, released late last month. A security vulnerability that could cause the browser to appear to hang has already been pinpointed in that version, but Mozilla says it is a minor problem.

In other browser news, Microsoft on Tuesday released a patch that fixes four vulnerabilities in Internet Explorer. The software maker deems two of the flaws "critical". One is already being used to attack IE users, Microsoft said in a bulletin.

Secunia is warning of a security flaw in version 8.01 of the Opera Web browsers. Earlier versions may also be affected, the security monitoring company said in an alert on Tuesday. The flaw lies in the way the browser handles mouse clicks in new windows and in how it displays a dialog box for downloads, according to Secunia's advisory.

The Opera flaw could be exploited to trick people into downloading malicious programs, Secunia said. The company advised people to upgrade to Opera 8.0.2, which has been available since late July.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
109 out of 204 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:











Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters