Welcome to WebmasterWorld Guest from 54.225.31.78

Forum Moderators: incrediBILL

Message Too Old, No Replies

Latest Version FF has severe security flaw

Another Javascript hole...

     
2:31 am on Jul 15, 2009 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems.

Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June.

Older versions of the popular alternative browser might also be affected, Secunia warns.

Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.

Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla (there's nothing in the pipeline just yet).

Reported at The Register
[theregister.co.uk...]

I suspect those of us who turn Javascript off, or use NoScript may not have quite the same concerns...

3:16 am on Jul 15, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Not a good week for browsers... Firefox/3.5 with one vulnerability, SeaMonkey/1.1.17 with one still not updated after several weeks, and MSIE8 with two -- one patched today, but another still outstanding.

For those who often end up on questionable sites while reviewing backlinks, etc., it'd be a good week to test-drive Chrome, Opera, or Apple Safari if disabling JS is not an option for your testing.

Jim

3:37 am on Jul 17, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Firefox/3.5.1 is now available to fix this issue.

Jim

 

Featured Threads

Hot Threads This Week

Hot Threads This Month