Extremely critical flaws found in Firefox 1.0.3

Posted on Monday, May 09 2005 @ 21:59 CEST by Thomas De Maesschalck
A pair of extremely critical bugs, that could allow a malicious user to take over one's PC, were found in Mozilla's Firefox web browser earlier this month. The proof-of-concept code was leaked on Sunday and Mozilla recommends its users to disable JavaScript or to lock down the browser so it can't install additional software, such as extensions or themes from websites.
According to Danish security vendor Secunia, which tagged the bugs with a highest "extremely critical" warning -- the first time it's used that to describe a Firefox flaw -- a hacker can trick the browser into thinking a download is coming from one of the by-default sites permitted to install software automatically: addons.mozilla.org or update.mozilla.org.
Firefox 1.0.4 will be released as soon as possible to fix these bugs but Mozilla also states that currently there are no known active exploits of the vulnerabilities. More details at TechWeb

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments