Welcome to WebmasterWorld Guest from 54.161.228.30

Forum Moderators: incrediBILL

Message Too Old, No Replies

Researchers reveal another Firefox flaw

   
8:56 pm on Jul 27, 2007 (gmt 0)

10+ Year Member



itWorldCanada: Researchers reveal another Firefox flaw [itworldcanada.com]

They provided exploit code that forced Firefox to launch other local programs when a malformed URL was passed to it from Internet Explorer 7 on Windows XP SP2. According to the two, only users whose machines have IE 7 as well as Firefox are at risk.

"Just to be clear, this vulnerability is delivered through the Firefox browser, not IE. You simply have to have IE7 installed somewhere on your system for this to work, which is basically most Windows XP SP2 systems," Rios said.

1:47 am on Jul 28, 2007 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Important note: "By Thursday morning, Firefox developers had wrapped up a fix for the newest vulnerability. An automatic update to users, however, has not yet been scheduled."

So this flaw should be plugged with the next update. After an exploit is publicized, speed of patching becomes important, but at least this one was not found "in the wild", but rather by researchers.