Firefox Finishes Fire Drill
Mozilla Fixes Flaw, Issues Updated Version 1.04

A security flaw that allows a malicious site to execute arbitrary code on a user's system through the Mozilla Firefox Version 1.03 browser has been fixed with the issuance of Mozilla Firefox Version 1.04, Mozilla has reported. The Version 1.03 flaw appears to be the first "Extremely Critical" Firefox flaw logged by Secunia, Mozilla says.

Firefox users are encouraged to go to www.mozilla.org to find the new version. ISSJ did this, and found one important navigational issue. The best way to find the most clearly marked patch download is to first go to the original May 8 notification of the problem. There you will find clearly marked information regarding the update, which is known as Version 1.04.

Hitting the May 11 link, which references the "security update," simply brings you to a generic Firefox page. Version 1.04 is the featured version on that page, and this version has eliminated the flaw. However, it may not be intuitively obvious to all users that this is the correct version, as there is no specific wording about the Version 1.03 problems on this page. With an estimated 50 million downloads worldwide, one can imagine that some confusion may be caused by this navigational obliqueness.

The May 8 advisory explains that a successful attack involves exploiting two flaws: one involves tricking Firefox into thinking a software installation is being triggered by a whitelisted site, while the other relies on the software installation trigger not sufficiently checking icon URLs containing JavaScript code.

The Secunia advisory suggests disabling JavaScript as a workaround; however, simply disabling software installation (Web Features panel of the Options/Preferences window in Firefox 1.0.3 or the Content panel in the latest trunk builds) eliminates the problem. Now, with Version 1.04 available, the problem has been fully addressed.
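
The second flaw named in the May 8 advisory, an install trigger that does not sufficiently check icon URLs containing JavaScript code, is a URL scheme validation problem. The following is an added example, not Mozilla's code and not part of the original article: it contrasts a hypothetical prefix denylist with a parse-then-allowlist check, and the function names, the page URL and the sample inputs are all constructed for illustration.

```javascript
// Added example: scheme allowlisting for an install prompt's icon URL.
// naiveIconCheck, isSafeIconUrl, PAGE and SAMPLES are constructed names and
// values for illustration; none of this is Firefox's implementation.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Hypothetical weak check: a denylist applied to the raw string prefix.
function naiveIconCheck(raw) {
  return !raw.startsWith("javascript:");
}

// Hardened check: parse the value first, then allowlist the parsed scheme.
// The URL parser lowercases the scheme, strips leading whitespace and removes
// embedded tabs/newlines, so the decision is made on the normalized value
// rather than on whatever spelling the page supplied.
function isSafeIconUrl(raw, pageUrl) {
  let parsed;
  try {
    parsed = new URL(raw, pageUrl); // relative URLs resolve against the page
  } catch {
    return false; // unparseable input is rejected, never passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

const PAGE = "https://addons.example.org/ext/"; // constructed
const SAMPLES = [                                // constructed inputs
  "icons/ext.png",
  "https://cdn.example.org/ext.png",
  "javascript:void(0)",
  "JavaScript:void(0)",
  "  javascript:void(0)",
  "java\tscript:void(0)",
  "data:text/html,x",
];

// Evaluate every sample with both checks so the difference is visible.
function report() {
  return SAMPLES.map((raw) => ({
    raw,
    naive: naiveIconCheck(raw),
    hardened: isSafeIconUrl(raw, PAGE),
  }));
}

for (const row of report()) console.log(JSON.stringify(row));
```

Only the relative path and the `https:` URL pass the hardened check, while the denylist accepts every sample except the exact lowercase `javascript:` spelling.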

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
