Results 1 to 3 of 3

Thread: Unpatched Firefox flaw now rated "Highly Severe"

  1. January 30th, 2008, 04:46 PM #1
    Negative
    Negative is offline
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424

    Unpatched Firefox flaw now rated "Highly Severe"

    Unpatched Firefox flaw now rated "Highly Severe"

    http://blogs.zdnet.com/security/?p=841&tag=nl.e539

    Mozilla has given a proof of concept Firefox vulnerability a “high severity” rating because an attacker can collect session information such as cookies and history, according to Mozilla security chief Window Snyder.

    Snyder said the vulnerability will be patched with Firefox 2.0.0.12, which will be pushed out “shortly.”

    On Jan. 22, Snyder confirmed a proof of concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any javascript file on a machine. This “chrome protocol directory transveral” is in play whenever there are “flat” files–common in add ons–are installed. Chances are good that most Firefox users will have at least a few of these add ons installed. That’s a lot of data leakage.
    Reply With Quote Reply With Quote
  2. January 30th, 2008, 04:56 PM #2
    KorpDeath
    KorpDeath is offline
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Really? Forget the firefox flaw... the security chief at Mozilla is named Window???? OMG, IT'S A CONSPIRACY, I TELL YA!!!!!
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
    Reply With Quote Reply With Quote
  3. January 30th, 2008, 05:22 PM #3
    xiphias360
    xiphias360 is offline
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    And for the rest who have been living under a rock, snyder was in a senior security position at microsoft before she moved to mozilla...
    ~ Insane Security ~
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. OPPS! We made a mistake...no security flaw in Firefox 1.5
    By Egaladeist in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: December 12th, 2005, 12:50 AM
  2. Unpatched Firefox flaw may expose users
    By intmon in forum Security News
    Replies: 5
    Last Post: September 13th, 2005, 07:31 AM
  3. Mozilla offers temporary fix for Firefox flaw
    By Egaladeist in forum Security News
    Replies: 2
    Last Post: September 10th, 2005, 06:04 PM
  4. Latest Firefox reintroduces 7-year-old security flaw
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 8
    Last Post: June 12th, 2005, 04:18 AM
  5. Experts predict Firefox spyware will show up this year
    By SDK in forum Spyware / Adware
    Replies: 12
    Last Post: February 9th, 2005, 08:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules