What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » FireFox Hit With Eight Security Flaws

FireFox Hit With Eight Security Flaws
Author: Message:
TheMusicPirate
Full Member
***

Avatar

Posts: 412
Reputation: 8
40 / Male / –
Joined: Feb 2005
O.P. FireFox Hit With Eight Security Flaws
Firefox has been hit by no less than eight security flaws, six of which are also found in the older Mozilla suite.

The vulnerabilities could allow an attacker to take over an affected system, carry out cross-site scripting and bypass some security restrictions, the Mozilla Foundation warned at the same time it released patches for the holes. Independent security firm Secunia gave the updates a "highly critical" rating.

As Firefox gains market share its handling of security issues is drawing more scrutiny. The patches, issued on Friday, are the third round of security fixes for Firefox and the seventh update for the 1.7 version of Mozilla. The Mozilla project has stopped major development on the suite, but is continuing to fix security flaws.

Two of the flaws affect Firefox only: an input validation error when processing the "pluginspage" attribute of the "embed" tag for plugins, which can be used to inject JavaScript code, and a bug in the sidebar that could allow cross-site scripting.

The remaining six bugs affect both browsers. Certain pop-ups can execute malicious code on a user's system, if the user opens the pop-up. A bug in the way windows and tabs are handled can allow malicious code from an untrusted site to execute in the context of another site. A bug involving the URLs of "favicons" icons allows JavaScript code to execute with escalated privileges.

A bug in installing search plugins can allow malicious code execution, but requires tricking the user to install a specially crafted search plug-in. Input validation errors in InstallTrigger and other XPInstall-related JavaScript objects could allow malicious code execution.

Finally, a problem with the "chrome" user-interface code in validating DOM nodes allowed several exploits that could allow malicious code execution or data theft, requiring only trivial user actions such as clicking on a link.

The updates, version 1.0.3 of Firefox and 1.7.7 of Mozilla, are available from the Firefox and Mozilla download pages. The project said a number of extensions were broken by the updates, but most extensions have now been revised to work with the new versions.



SOURCE:http://www.techworld.com/security/news/index.cfm?NewsID=3506
[Image: ipod.gif]

04-19-2005 12:39 PM
Profile PM Find Quote Report
-dt-
Scripting Contest Winner
*****

Avatar
;o

Posts: 1819
Reputation: 74
36 / Male / Flag
Joined: Mar 2004
RE: FireFox Hit With Eight Security Flaws
But these wernt "in the wild" like internet explorers they were all submitted using bugzilla and marked so only the developers can see them. also the people that discoverd these bugs could also claim money from mozilla's "bugs for cash" program which also trys to attract hackers attattion to find bugs in firefox.
[Image: dt2.0v2.png]      Happy Birthday, WDZ
04-19-2005 01:05 PM
Profile PM Web Find Quote Report
Chris4
Elite Member
*****

Avatar

Posts: 4461
Reputation: 84
33 / Male / Flag
Joined: Dec 2004
RE: FireFox Hit With Eight Security Flaws
quote:
Originally posted by -dt-
But these wernt "in the wild" like internet explorers they were all submitted using bugzilla and marked so only the developers can see them. also the people that discoverd these bugs could also claim money from mozilla's "bugs for cash" program which also trys to attract hackers attattion to find bugs in firefox.


Hmm bugs for cash. Interesting.
------

I got the update as soon as it came out so I'm fine :)

This post was edited on 04-19-2005 at 05:30 PM by Chris4.
Twitter: @ChrisLozeau
04-19-2005 05:29 PM
Profile PM Find Quote Report
MeEtc
Patchou's look-alike
*****

Avatar
In the Shadow Gallery once again

Posts: 2200
Reputation: 60
38 / Male / Flag
Joined: Nov 2004
Status: Away
RE: FireFox Hit With Eight Security Flaws
Ever since I upgraded to 1.0.3, I cant type anything into the address bar. I have to go to File>Open Location. Anyone else have this, or now how to solve it?
[Image: signature/]     [Image: sharing.png]
I cannot hear you. There is a banana in my ear.
04-19-2005 05:40 PM
Profile PM Web Find Quote Report
Chris4
Elite Member
*****

Avatar

Posts: 4461
Reputation: 84
33 / Male / Flag
Joined: Dec 2004
RE: FireFox Hit With Eight Security Flaws
quote:
Originally posted by MeEtc
Ever since I upgraded to 1.0.3, I cant type anything into the address bar. I have to go to File>Open Location. Anyone else have this, or now how to solve it?

Have toy tried reinstalling it?
Twitter: @ChrisLozeau
04-19-2005 06:02 PM
Profile PM Find Quote Report
MeEtc
Patchou's look-alike
*****

Avatar
In the Shadow Gallery once again

Posts: 2200
Reputation: 60
38 / Male / Flag
Joined: Nov 2004
Status: Away
RE: FireFox Hit With Eight Security Flaws
i uninstalled .2 first, installed .3, restarted the comp, but did not reinstall the second time. *will after exam is over...*
[Image: signature/]     [Image: sharing.png]
I cannot hear you. There is a banana in my ear.
04-19-2005 07:00 PM
Profile PM Web Find Quote Report
Caboose
Full Member
***

Avatar

Posts: 400
Reputation: 14
36 / Male / –
Joined: Oct 2004
RE: FireFox Hit With Eight Security Flaws
Maybe it's an extension you have installed that's causing the problem? :undecided:

Anyway, I'm glad I'm not a Firefox fanboy :). I don't use it because it's "more secure", I use it because of the features
04-19-2005 07:08 PM
Profile E-Mail PM Web Find Quote Report
MeEtc
Patchou's look-alike
*****

Avatar
In the Shadow Gallery once again

Posts: 2200
Reputation: 60
38 / Male / Flag
Joined: Nov 2004
Status: Away
RE: FireFox Hit With Eight Security Flaws
I don't have any extentions installed
I use it for the features and speed. IE takes a while to load up on my comp

This post was edited on 04-19-2005 at 07:11 PM by MeEtc.
[Image: signature/]     [Image: sharing.png]
I cannot hear you. There is a banana in my ear.
04-19-2005 07:10 PM
Profile PM Web Find Quote Report
Chris4
Elite Member
*****

Avatar

Posts: 4461
Reputation: 84
33 / Male / Flag
Joined: Dec 2004
RE: RE: FireFox Hit With Eight Security Flaws
MeEtc,
Try posting on Firefox forum's.
http://forums.mozillazine.org/viewforum.php?f=38

They should know the answer :D
Twitter: @ChrisLozeau
04-19-2005 09:50 PM
Profile PM Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On