Mozilla/Firefox bug Allows Remote Code Execution (Windows only)
Slapdash & eWeek | today | Self
Posted on 07/08/2004 3:51:44 PM PDT by general_re
So I'm reduced to summarizing the article, because the tools at eWeek apparently don't want their material posted here. Long story short: Mozilla and Firefox users on Windows XP (and possibly Windows 2000) have a hole that potentially allows remote code execution, due to the way Mozilla/Firefox passes certain protocols to the operating system. This apparently only affects Windows versions - users can get the full story here, and then download the ShellBlock extension here, which closes the hole.
TOPICS: Business/Economy; Culture/Society; Miscellaneous; News/Current Events; Technical
KEYWORDS: firefox; getamac; lowqualitycrap; microsoft; mozilla; patch; security; securityflaw; trojan; virus; windows; windoze
To: general_re
In English, please....(seriously...We just added Firefox to our Windows XP-run computer, and ironically, we did it because we were told Firefox was less prone to placing ad-ware and spy-ware bugs on our computer.)
2 posted on 07/08/2004 3:57:14 PM PDT by My2Cents ("Well.....there you go again.")
To: general_re
3 posted on 07/08/2004 3:59:47 PM PDT by demlosers
To: My2Cents
I'm not sure there's a simple way to explain this. Essentially, if Mozilla/Firefox encounters a protocol it doesn't understand, it hands it off to the operating system to figure out what to do with it. Most of the time, that's not a problem, but there are certain cases where that passing-the-buck could allow a webpage to execute malicious code on your machine. The fix is to download the ShellBlock extension linked above.
As for you switching, I still think you did the right thing - no software is bug-free, but I'm not planning on switching away from FF. ;)
4 posted on 07/08/2004 4:01:54 PM PDT by general_re (Drive offensively - the life you save may be your own.)
To: My2Cents
I've done the same. The problem is, hackers who want the big payoff have avoided attacking seldom used browsers. Compared to IE, Mozilla is seldom used. But with browser hijackings becoming more and more of a problem, downloads of Mozilla and Firefox have more than doubled in the past few weeks. So is Mo the target of attacks now? Probably not, but I'd download the fix anyway. Any way you look at it Mo's infinitely more safe than IE.
5 posted on 07/08/2004 4:03:43 PM PDT by South40 (Amnesty for ILLEGALS is a slap in the face to the USBP!)
To: general_re
I couldn't get Firefox to work...I am unable to think in Russian.
6 posted on 07/08/2004 4:06:55 PM PDT by Poohbah ("Mister Gorbachev, TEAR DOWN THIS WALL!" -- President Ronald Reagan, Berlin, 1987)
To: South40
The problem is, hackers who want the big payoff have avoided attacking seldom used browsers.
Unless the 'hacker' happens to be (large company name redacted) trying to deflect criticism of their crappy browser.
7 posted on 07/08/2004 4:09:09 PM PDT by JOAT
To: JOAT
Unless the 'hacker' happens to be (large company name redacted) trying to deflect criticism of their crappy browser.
There's no one in Redmond, WA who would do such a thing.
Oh...wait...you weren't talking about MS were you?
Snicker...
8 posted on 07/08/2004 4:11:30 PM PDT by South40 (Amnesty for ILLEGALS is a slap in the face to the USBP!)
To: general_re
It appears that it is only a problem for XP users. Win 95/98 users appear safe.
9 posted on 07/08/2004 4:11:40 PM PDT by PAR35
To: My2Cents
To: general_re; All
If you or anyone has a general Mozilla type ping list, add me to it, please.
11 posted on 07/08/2004 4:15:41 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. ©)
To: general_re
Hey, thanks for the explanation. It actually makes sense. :-) And thanks for the link to ShellBlock. Sheesh, I just added "Ad-aware 6.0" to my computer, now I need to add "ShellBlock." These pop-up and spyware battles are all-out war, aren't they.
12 posted on 07/08/2004 4:17:26 PM PDT by My2Cents ("Well.....there you go again.")
To: Poohbah
13 posted on 07/08/2004 4:18:24 PM PDT by My2Cents ("Well.....there you go again.")
To: general_re
14 posted on 07/08/2004 4:23:03 PM PDT by Victor
To: My2Cents
In English, please
From what I gather the problem is that the "http" part of the URL can be replaced with "shell" and if the person knows the exact location of an executable on your system they might be able to run it.
Knowing the exact path to a program isn't difficult as it's pretty standard. However the program itself might have to be buggy for the person to do any real damage. Although I suppose they could run the "del" program.
What's nasty about this is that a user doesn't have to click on a link for the exploit to work as the browser could try and "load" that page directly if the link was placed in an object.
The fix appears to just remove the "shell://" scheme from being recognized.
This exploit came out pretty quickly, I saw something on BugTraq about it a day or two ago but ignored it.
15 posted on 07/08/2004 4:23:44 PM PDT by lelio
To: lelio
Looking more into this it appears this is really a Windows problem as Mozilla hands off schemes that it doesn't know about to the OS. However there shouldn't really be a shell:// scheme so Firefox / Mozilla is pre-emptively blocking it. And I believe XP SP2 blocks this scheme altogether.
16 posted on 07/08/2004 4:30:01 PM PDT by lelio
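The scheme hand-off discussed in posts 15 and 16, as an added example that is not part of the original thread and is not Mozilla's or ShellBlock's code: an allowlist decides which URL schemes may be passed to the operating system, and an audit function flags markup attributes that carry a refused scheme, including ones that load without a click. The scheme lists, function names and sample page are assumptions made for illustration.

```javascript
// Added example: allowlist policy for handing URL schemes to the OS.
// Scheme lists below are illustrative assumptions, not Mozilla's real lists.
const HANDLED_BY_BROWSER = new Set(["http", "https", "ftp", "about"]);
const MAY_GO_TO_OS = new Set(["mailto", "news"]);

// Extract the scheme (RFC 3986 syntax); returns null for relative references.
function schemeOf(url) {
  const m = /^\s*([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Decide what happens to a URL: anything not explicitly listed is refused,
// so an unexpected scheme such as "shell" never reaches the OS.
function decide(url) {
  const scheme = schemeOf(url);
  if (scheme === null || HANDLED_BY_BROWSER.has(scheme)) return "browser";
  return MAY_GO_TO_OS.has(scheme) ? "os-handoff" : "refuse";
}

// Audit markup for URLs that load without a click (src/data attributes)
// as well as links (href), and report the ones the policy refuses.
function auditMarkup(html) {
  const attr = /\b(src|href|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(attr)) {
    const url = m[2] ?? m[3] ?? m[4];
    if (decide(url) === "refuse") {
      findings.push({ attribute: m[1].toLowerCase(), scheme: schemeOf(url) });
    }
  }
  return findings;
}

// Constructed sample page (placeholder targets only).
const SAMPLE = `
<a href="https://example.com/">ok</a>
<a href="mailto:someone@example.com">mail</a>
<img src="images/logo.png">
<iframe src="SHELL:placeholder-target"></iframe>
<a href='shell:placeholder-target'>link</a>`;

console.log(auditMarkup(SAMPLE));
```

Because the policy is an allowlist, a scheme nobody anticipated is refused by default, whereas removing only "shell" from the recognized schemes leaves every other unknown scheme on the hand-off path.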
To: general_re; All
There are new, nastier browser hijackers flooding the web- the best help is here, but be warned, you have to do most yourself and learn to use some new tools. The old anti-virus software does not work on this new series of bugs:
17 posted on 07/08/2004 4:33:38 PM PDT by backhoe
To: general_re
Thanks for the info. Just to be certain that this was really from Mozilla, I went to their website, rather than using your link. (Nothing personal, it's just that I'm a bit paranoid.) The patch is definitely available from them. It's locatable from their home page by scanning down the left margin to "Latest News" and clicking on "security update." Only takes a second.
18 posted on 07/08/2004 4:56:08 PM PDT by PatrickHenry (Hic amor, haec patria est.)
To: Bush2000
To: general_re
Many thanks from all of us Mozilla users!