Your Ad Here Your Ad Here
Results 1 to 6 of 6

Thread: critical firefox hole

  1. #1
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summery of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."

    http://www.frsirt.com/exploits/20050507.firefox0day.php

  2. Software & Hardware   -   #2
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    They did patch it tho ? What does's partially patch mean ? I'm sure it will be fixed in few hours or so tho. Thats the neat thing about open source , hundreds of people are probably looking at this problem, and thinking of way's to solve it .
    Last edited by peat moss; 05-08-2005 at 06:28 PM.

  3. Software & Hardware   -   #3
    Skiz's Avatar (_8(I)
    Join Date
    May 2003
    Location
    CO
    Age
    40
    Posts
    29,628
    That's impossible. According to every FF user I've come across, FF is impervious to fault.



    ΜΟΛΩΝ ΛΑΒΕ
    The FST Last.fm group

  4. Software & Hardware   -   #4
    davec8's Avatar Poster
    Join Date
    Aug 2003
    Location
    Windsor, Ontario
    Age
    40
    Posts
    104
    Quote Originally Posted by Skizo
    That's impossible. According to every FF user I've come across, FF is impervious to fault.
    I don't claim it to be impervious, but when holes like this come up they're usually patched within a few days at the most as opposed to a month or 2 like most of the other browsers. That's a definite plus.

  5. Software & Hardware   -   #5
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    this was reported to bugzilla some time ago but bugzilla will not let me access that report since you have to have certain permissions to actually view critical vulns.

    a tempory fix is about and it seems a 1.04 is in the works i believe.

  6. Software & Hardware   -   #6
    DarthInsinuate's Avatar Died in battle
    Join Date
    Jan 2003
    Location
    Arkham Asylum
    Posts
    5,001
    secunia now have their report written up http://secunia.com/advisories/15292/

    Solution:
    1) Disable JavaScript.

    2) Disable software installation: Options --> Web Features --> "Allow web sites to install software"

    NOTE: A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of vulnerability 1 and 2 to execute arbitrary code in the default settings of Firefox.
    The Sexay Half Of ABBA And Max: Freelance Plants

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •