Digg this topic
Add to my del.icio.us Two serious security holes found in Firefox |
|
|
|
|
|
Late(st) News | Zenith Picture Gallery | Most
Recent Community Topics | Tips, Tricks and Other Useful Stuff
  |
| Two serious security holes found in Firefox |
 May 8 2005, 10:14 PM
Post
#1
|
|
 Boss, my code's compiling (xkcd)  Group: Admins Posts: 10,440 Joined: 19-September 01 Member No.: 1   |
 DANISH PROBLEM watcher Secunia said that two "extremely critical" security problems have been discovered in ever-more popular browser, Firefox. According to Secunia, these involve cross scripting attacks involving IFRAME Javascript URLs and input passed to the IconURL parameter. The holes have been confirmed in version 1.0.3, and exploit code is publicly available, said Secunia, in its note, here.Source: The Inquirer --------------------    Things that I don't suck at: Photography (flickr, JPG Mag), "Don't bail; the best gold is at the bottom of barrels of crap!" -Randy Pausch I have people-skills goddamnit! What is wrong with you people!!! | www.skyrill.com |
 |
 
|
|
May 9 2005, 02:24 AM
Post
#2
|
|
 ruler of the world  Group: Members Posts: 297 Joined: 18-February 05 Member No.: 2,300  |
no....not firefox..... :'(
--------------------  ^Click the Penguin!!! |
|
|
|
|
May 9 2005, 04:19 AM
Post
#3
|
|
|
SuperNova III Member Group: Support Team Posts: 2,141 Joined: 2-November 02 From: Toronto Member No.: 302 |
QUOTE(Paladin @ May 9 2005, 02:24 AM) no....not firefox..... :'(  Huh??? You thought it's the first bug found in FireFox? Here's one i recently heard of. It's not severe but is so fun & unique  QUOTE Listening to Amazon Audio Samples:
There's a bug in Firefox which means that it handles some files improperly, and deals with some files according to their extension rather than their MIME type. This rears its ugly head when trying to listen to audio samples on the Amazon website. Instead of passing the RealPlayer stub file to RealPlayer, it downloads it and names it hurl.exe. All you have to do to listen to the files is change the name from hurl.exe to hurl.ram and then open the newly-named file. |
|
|
|
|
May 9 2005, 04:06 PM
Post
#4
|
|
 Heavenly Sword  Group: ++Member Posts: 757 Joined: 12-December 04 From: Sydney Member No.: 2,089  |
QUOTE(Paladin @ May 9 2005, 02:24 AM) no....not firefox..... :'(  ~~~~~~~~~ Solution: 1) Disable JavaScript. 2) Disable software installation: Options --> Web Features --> "Allow web sites to install software" NOTE: A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of vulnerability 1 and 2 to execute arbitrary code in the default settings of Firefox. This post has been edited by Renzoblade: May 9 2005, 04:14 PM |
|
|
|
|
May 9 2005, 09:46 PM
Post
#5
|
|
|
ruler of the world Group: Members Posts: 297 Joined: 18-February 05 Member No.: 2,300 |
no i didnt think that it was the first bug found.....i was just hoping that i read it wrong and it was really talking about some other browser....
-------------------- ^Click the Penguin!!! |
|
|
|
|
|
Lo-Fi Version | Time is now: 19th June 2013 - 10:05 PM |
