Fire Drill for Firefox 1.0.3; Mozilla's Browser Has Serious Flaw
Mozilla Foundation Security Advisory 2005-42 Says Disable JavaScript

A security flaw that allows a malicious site to execute arbitrary code on a user's system has been discovered in Mozilla Firefox, Mozilla has reported. It appears to be the first "Extremely Critical" Firefox flaw logged by Secunia, Mozilla says.

The advisory explains that a successful attack involves exploiting two flaws: one involves tricking Firefox into thinking a software installation is being triggered by a whitelisted site, while the other relies on the software installation trigger not sufficiently checking icon URLs containing JavaScript code. The Secunia advisory suggests disabling JavaScript as a workaround; however, simply disabling software installation (Web Features panel of the Options/Preferences window in Firefox 1.0.3 or the Content panel in the latest trunk builds) eliminates the problem.

As the story was posted, Mozilla had not yet issued a patch. The only workaround it recommends is to disable JavaScript.

If there's schadenfreude in Redmond, then there are big smiles. Firefox has been slowly eating away at Microsoft IE's market share, due in large part to its reputation as a safe browser not susceptible to the security flaws routinely found in Microsoft's dominant program.

Initial feedback at Mozilla's website was mixed. Where one poster pronounced himself "extremely disappointed," another said that "the press will hype up any security issue, (and) not necessarily in proportion to the severity and impact of it." With more than 50 million downloads of Firefox claimed by Mozilla, there is little doubt that the browser becomes both a more tempting target for bad guys and a better-debugged program by dint of the sheer number of people who use it.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seem likely to be of interest to infosec professionals and summarizes it for easy assimilation by busy IT managers and staff.


Reader Feedback

I think it's funny that the first "extremely critical" security flaw is related to a feature invented by Microsoft -- a feature that I turned off immediately upon installing Firefox. Seriously, if you turn on a feature like this, you might as well put a sign on your butt that says "Kick me" and bend over.

Version 1.0.4 is already out and addresses all of those issues. (http://www.getfirefox.com)



