Firefox suffers 'extremely critical' security hole

  1. #1
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912

    Firefox suffers 'extremely critical' security hole

    I don't know if this has been posted before, the search engine led to nothing .... I have just received this via email .....

    NO COMMENT

    Source
    Firefox has two unpatched security holes that could allow an attacker to take control of a user's computer system, and exploit code is already circulating on the Internet, security researchers have warned.
    A patch is expected shortly, but users can protect themselves in the meantime by switching off JavaScript. In addition, the Mozilla Foundation said it has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

    The flaws were confidentially reported to the Foundation on May 2. But by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT).

    Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

    In recent months, Firefox has picked up market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that part of the reason the browser is more secure is because it has a relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser.

    The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate vulnerabilities. An attacker could create a malicious page using frames and a JavaScript history flaw to make software installations appear to be coming from a "trusted" site. By default, Firefox allows software installations from update.mozilla.org and addons.mozilla.org, but users can add their own sites to this whitelist.

    The second part of the exploit triggers software installation using an input verification bug in the "IconURL" parameter in the install mechanism. The effect is that a user could click on an icon and trigger the execution of malicious JavaScript code. Because the code is executed from the browser's user interface, it has the same privileges as the user running Firefox, according to researchers.

    The Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, it warned that users may be vulnerable if they have added other sites to the whitelist.

    "We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," the Mozilla Foundation said in a statement published on Mozillazine.org
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    *****HYPE ALERT*****

    For 99% of the users the issue has been mitigated on Mozilla's end. For the remainder who have added sites to the trusted install sites, wouldn't the attacker have to somehow guess which site was on the trusted list.....

    Then, it seems, the user has to click on an icon to trigger the actual malicious install.....

    Any mathematician out there want to compute the odds of both guessing the trusted site added _and_ having a user of that sophistication click on the icon too....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Great points Tiger ..... do you imply that these vulnerabilities should not be rated as "Extremely Critical" as they need a lot of user interaction and, on the other side, a lot of guessing to meet the conditions under which these vulnerabilities can work????

    Cheers

  4. #4
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912

    Mozilla fixes 'extremely critical' Firefox bugs

    The good news .......

    Source

    The Mozilla Foundation has patched two "extremely critical" security holes in its Firefox browser by releasing an updated version of the browser. Firefox 1.0.4 was posted to the Mozilla.org Web site late yesterday.
    When used in tandem, the two bugs could be used by an attacker to take control of a Firefox user's system by exploiting the way Firefox handles software installations from certain trusted Web sites. Firefox automatically allows software to be installed from update.mozilla.org and addons.mozilla.org, but users who want to add software from other Web sites can add to this trusted list.

    Earlier this week, The Mozilla Foundation made changes to Mozilla.org, which protected most users. But Web surfers who had added other Web sites to their trusted list were still vulnerable, said Chris Hofmann, director of engineering with The Mozilla Foundation.

    Danish security firm Secunia rated the exploit as "extremely critical," marking the first time a flaw in the open-source browser had received Secunia's most serious security rating.
    Firefox has gained market share against Microsoft Corp.'s Internet Explorer over the past year, in part because it has been considered less vulnerable to attacks. Since the release of Firefox 1.0 last November, however, a number of vulnerabilities have been discovered in the browser.

    The Mozilla Foundation reports nearly 54 million Firefox downloads since the 1.0 release. Firefox has 6.8% of the browser market, according to WebSideStory Inc. But Internet Explorer is still used by nearly 89% of Web surfers, according to the research firm.

    The 1.0.4 update also fixes two other minor security bugs as well as the way Firefox handles dynamic HTML (DHTML), said Hofmann. The DHTML bug caused "uncaught exception" errors to pop up on some Web pages in the 1.0.3 version of the browser.

    More information on the new Firefox release can be found at http://www.mozilla.org/products/fire...es/1.0.4.html.
