Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Mozilla and Firefox flaws

Mozilla and Firefox flaws

by Nikola Strahija on January 7th, 2005 Mozilla and Firefox users were warned of a number of potentially troublesome security vulnerabilities recently. The most serious flaw involves a buffer overflow bug in the way Mozilla processes the NNTP (news) protocol.


The flaw creates a possibility for hackers to inject hostile code into vulnerable systems, providing they trick users into executing maliciously constructed news server links. All versions of Mozilla prior to 1.7.5 are affected. Firefox users are advised to make sure they are running version 1.0 to minimise any risk. Next, a flaw was discovered that creates a means to spoof the source displayed in the Firefox's download dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0, and other versions may also be affected. It is advised that Firefox users avoid download links from untrusted sources pending the availability of patches from the Mozilla project.

Finally, there's a less serious problem affecting Firefox and its email client Thunderbird. Security researchers have found that temporary files are stored by the popular packages in a format that makes it possible for snoops to read the content of downloads and attachments of other users on the same machine.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »