Firefox serious vulnerabilities

by Nikola Strahija on May 9th, 2005

Security researchers have discovered two unpatched vulnerabilities in Firefox, which affect even the latest version of the popular browser (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.


One vulnerability enables arbitrary JavaScript code with escalated privileges to be executed via a specially crafted JavaScript URL. Successful exploitation requires that a site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

The second security bug, involving "IFRAME" JavaScript URLs, creates a means to execute arbitrary HTML and script code in the context of an arbitrary site.

A combination of the two vulnerabilities can be exploited to execute arbitrary code on vulnerable systems. Exploit code is publicly available, greatly increasing the chance of attack. The vulnerabilities, described by Secunia as "extremely critical", have been confirmed in version 1.0.3 of Firefox. Other versions may also be affected.

Users are advised to disable JavaScript and the software installation option within Firefox while waiting for a more comprehensive fix from the Mozilla Foundation.

