Free Republic
Browse · Search		 News/Activism
Topics · Post Article

Skip to comments.

Exploit turns up heat for Firefox flaw
CNet News ^ | 8 February 2006 | Joris Evers

Posted on 02/09/2006 9:50:40 AM PST by ShadowAce

Computer code that could be used in cyberattacks on Firefox users has been released, increasing the urgency for people to upgrade to the latest version of the Web browser.

The two pieces of exploit code, posted online earlier this week, take advantage of a security vulnerability in Firefox that Mozilla patched in an update Thursday. In response to the exploit release, the browser maker on Tuesday upgraded the severity rating of the flaw from "moderate" to "critical," its most serious rating.

"This exploit was published after we released the 1.5.0.1 update," said Mike Schroepfer, vice president of engineering at Mozilla. "Most of our users had already been upgraded by the time this exploit was published."

The code could be used to commandeer computers running a vulnerable version of the open-source Web browser on Linux or Mac OS X systems. It has been published as part of the Metasploit Framework, a widely used hacking tool.

The specific flaw exists only in Firefox 1.5 and was fixed in Firefox 1.5.0.1. The problem could cause a memory corruption an outsider could use to run code on a vulnerable PC, according to a Mozilla advisory. The corruption would come from calling the "QueryInterface" method of the Location and Navigator objects in the browser.

Firefox users have already been urged to install the patched version of the browser. Security monitoring company Secunia last week rated the Firefox update "highly critical," and Mozilla has pushed out updates.

If for some reason users have not upgraded, they should definitely do so, Schroepfer said.

TOPICS: Technical
KEYWORDS: exploits; firefox; patch
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-82 last
To: JoJo Gunn
Every single time Mozilla breaks wind it breaks extensions and themes, one of the features they beat their chest about.

In case you run into that problem in the future there's an extension you can add called Nightly Tester Tools that'll force broken extensions to believe they're compatible with the latest version.

Just in case that doesn't work though here's other steps you can try.

81 posted on 02/16/2006 4:53:52 PM PST by Reaganwuzthebest
[ Post Reply | Private Reply | To 23 | View Replies]
To: D-Chivas

I was just going to mention that. Sometimes Firefox takes up to 40% cpu time and I have to close all instances.


82 posted on 02/17/2006 9:43:44 AM PST by MarkeyD (Make Love, Not Cartoons. I really, really loathe liberals.)
[ Post Reply | Private Reply | To 21 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-82 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 News/Activism
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson