Security holes hit Firefox

Firefox hit with flaws


10 May 2005 14:35 GMT / By Stuart Miles

Users of the latest version of the open source browser have found two “extremely critical” security holes that will allow hackers to gain remote access to a user's computer and run malicious code.

The Mozilla Foundation, the makers of Firefox, said they are aggressively working to fix the holes as soon as possible, but recommend in the meantime that users switch off JavaScript.

The company issued this security announcement on its site:

“The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported. Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit. Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript.”

According to MozillaZine, an independent Mozilla news, community and advocacy site, the second flaw is more serious and involves the software installation dialogue, which is used to ask the user if they wish to install software (such as an extension) from a website.

“In Mozilla Firefox (but not the Mozilla Application Suite), this dialogue can include an icon, which is supplied by the site as a URL to an image file. Due to insufficient checking, this icon URL can actually be a piece of JavaScript code, which is run with no further prompting. As this code actually runs from the software installation dialogue, rather than a webpage, it is executed with 'full chrome privileges', meaning that it can do anything that the user running Firefox can, including installing software or deleting files. This is the more serious flaw, allowing arbitrary software execution, and only affects Mozilla Firefox. It can be prevented by disabling software installation.”
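
The kind of check the quoted passage says was missing, shown as an added example and not Mozilla's actual fix: a site-supplied icon URL is parsed first and only then accepted if its scheme is on an allowlist. The function names, the `addons.example` host and the http/https-only policy are assumptions made for illustration.

```javascript
// Added illustration, not Mozilla's code. All names and URLs here are hypothetical.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]); // assumed policy

// Tempting but insufficient: a literal prefix denylist on the raw string.
function naiveIconCheck(iconUrl) {
  return !iconUrl.startsWith("javascript:");
}

// Parse first, then allowlist the scheme of the *parsed* URL.
function checkIconUrl(iconUrl, installPageUrl) {
  if (typeof iconUrl !== "string" || iconUrl.length === 0) {
    return { ok: false, reason: "missing icon URL" };
  }
  let parsed;
  try {
    // The WHATWG parser trims leading whitespace, drops embedded tabs and
    // newlines, and lowercases the scheme, as a browser would when loading it.
    parsed = new URL(iconUrl, installPageUrl);
  } catch (err) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_ICON_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs; the script bodies are inert placeholders.
const INSTALL_PAGE = "https://addons.example/install.html";
const SAMPLES = [
  "icons/extension.png",
  "https://addons.example/icons/extension.png",
  "javascript:void(0)",
  "  JavaScript:void(0)",
  "java\tscript:void(0)",
  "data:image/png;base64,AAAA",
];

function auditSamples() {
  return SAMPLES.map((iconUrl) => ({
    iconUrl,
    naiveAccepts: naiveIconCheck(iconUrl),
    strict: checkIconUrl(iconUrl, INSTALL_PAGE),
  }));
}

for (const row of auditSamples()) {
  console.log(JSON.stringify(row));
}
```

The prefix denylist accepts the mixed-case and tab-split variants, while the parse-then-allowlist check rejects every non-http(s) scheme and resolves the relative path against the install page.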

Earlier in the month, Firefox announced that it had been downloaded over 50 million times.
