 |
|
||||
|
Firefox Vulnerabilities: The Official WordBy Pedro HernandezMay 9, 2005
Although there have been no reports of systems falling victim because of the vulnerabilities, the potential for cross-site scripting attacks prompted Secunia to slap an "extremely critical" rating on the bugs. Web surfers this weekend got a taste of how damaging a successful attack can be to with a proof of concept as well as the release of exploit code by the Greyhats Security Group, according to an InternetNews report. Today, Mozilla posted a security advisory summarizing the nature of the flaws as well as ways to cut the chances of an unfortunate run-in with a maliciously coded website. "The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported. Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit. Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript."As of this writing, the organization is still working on a fix. Firefox has garnered many converts due, in part, to its resistance to common web exploits. Recently, Mozilla celebrated the 50 millionth download of the browser that's largely credited with slowly gnawing away at IE's dominance in the browser space.
|
|
|
|
Email
Print
Digg This
Add to del.icio.us
