Mozilla has announced two critical vulnerabilities in the 1.0.3 release of its Firefox browser. The Mozilla Suite is also partially vulnerable.
By causing a frame to navigate back to a previous javascript: URL, an attacker can inject script into any site. This could be used to steal cookies or sensitive data from that site, or to perform actions on behalf of the user. (Affects Firefox and the Suite.)
A separate vulnerability in the Firefox install confirmation dialog allows an attacker to execute arbitrary code by using a javascript: URL as the package icon. By default only the Mozilla Foundation update site is allowed to bring up this dialog, but the script injection vulnerability described above enables this to be exploited from any malicious site.
Mozilla suggests disabling JavaScript to prevent exploitation. Software updates can also be disabled, but that does not prevent an attacker from making use of the first vulnerability.
Hat Tip: Tollie
3 Responses for "Firefox 1.0.3 Critical Vulnerabilities"
May 9th, 2005 at 5:14 pm
1. I thought the guys at Microsoft would take less to find a security hole in FF after they sealed it in their dungeons, oh… did I say that out loud?
December 18th, 2006 at 8:40 am
2. Hi man! Your site is cool!
December 18th, 2006 at 8:40 am
3. Hi man! Your site is cool!