PDA

View Full Version : Unpatched Firefox flaw may expose users



tesco
09-11-2005, 02:23 PM
A new, unpatched flaw in that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.


:source: Source: ZDNet (http://news.zdnet.com/2100-3513_22-5856201.html)

Guillaume
09-11-2005, 03:56 PM
A temporary fix for this problem can be found here (https://addons.mozilla.org/messages/307259.html). :01:

peat moss
09-11-2005, 06:07 PM
Nice work fellas, I was just reading about it before I come on here . :)



@Guillaume, nice thing is two clicks and your safe, also two ways to do it .
I did the auto but you can do it manualy , try that with IE . :)

zdensys
09-14-2005, 01:24 PM
It was quick to post a workaround that fast

zapjb
09-14-2005, 01:40 PM
I did it manually. No sweat.

tesco
09-14-2005, 05:01 PM
It was quick to post a workaround that fast
That's why open source is so great :)