New Firefox protocol abuse problem

Discussion in 'other security issues & news' started by hydenseek, Jul 27, 2007.

Thread Status:
Not open for further replies.
  1. hydenseek

    hydenseek Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    7
    Rated Highly Critical by Secunia
    Affecting Windows XP SP2 and Server 2003 SP2

    "Security researchers have discovered a new set of protocol abuse problems with Mozilla Firefox, warning that the popular open-source browser is a sitting duck for code execution exploits."

    http://blogs.zdnet.com/security/?p=402&tag=nl.rSINGLE

    "Successful exploitation requires that Internet Explorer 7 is installed on the system."

    This affects fully patched Firefox 2.0.0.5, and can be triggered by simply clicking a link.

    Temporary workarounds are listed in the article.
     
  2. ASpace

    ASpace Guest

    God , may I go only with this
    If I have to adjust my programs so much for every exploit found , I will need to spend 4 hours everyday in front of my computer doing "nothing" .
    I think I'll rely on my common sense , as always ;)
     
  3. hydenseek

    hydenseek Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    7
    :thumb: Always the best "workaround". Would that everyone did the same.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    This problem is only "highly critical" for people who are not using any process execution blockers (HIPS), and besides FF seems to warn you when an external apps wants to be launched. So I was never really worried about this stuff. :)
     
Loading...
Thread Status:
Not open for further replies.