critical firefox hole



4play
05-08-2005, 04:27 PM
An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summary of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."

http://www.frsirt.com/exploits/20050507.firefox0day.php

peat moss
05-08-2005, 06:27 PM
They did patch it tho? What does partially patch mean? :lol: I'm sure it will be fixed in a few hours or so tho. That's the neat thing about open source, hundreds of people are probably looking at this problem and thinking of ways to solve it.

Skiz
05-08-2005, 06:54 PM
That's impossible. According to every FF user I've come across, FF is impervious to fault. :dry:

davec8
05-08-2005, 07:57 PM
That's impossible. According to every FF user I've come across, FF is impervious to fault. :dry:
I don't claim it to be impervious, but when holes like this come up they're usually patched within a few days at the most as opposed to a month or 2 like most of the other browsers. That's a definite plus.

4play
05-08-2005, 08:12 PM
This was reported to Bugzilla some time ago but Bugzilla will not let me access that report since you have to have certain permissions to actually view critical vulns.

A temporary fix is about and it seems a 1.04 is in the works I believe.

DarthInsinuate
05-09-2005, 10:38 AM
Secunia now have their report written up: http://secunia.com/advisories/15292/


Solution:
1) Disable JavaScript.

2) Disable software installation: Options --> Web Features --> "Allow web sites to install software"

NOTE: A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of vulnerability 1 and 2 to execute arbitrary code in the default settings of Firefox.