Risk from Old Firefox Flaw

[samsungster]

---

Exploit heightens risk from old Firefox flaw

Computer code that could be used to attack systems with older versions of Firefox has been released on the Internet, security experts have warned.

The exploit code takes advantage of a security vulnerability in Firefox 1.0.1 and earlier versions of the open-source Web browser, the French Security Incident Response Team, or FrSIRT, said in an advisory posted Wednesday.

The bug exists because of an error in the way the older versions of Firefox handle GIF images. An attacker could gain control of a PC by luring the user to a Web page or sending an e-mail containing a specially crafted image, according to FrSIRT, which rates the issue "critical."

The Mozilla Foundation issued a patch for a major security flaw in its Firefox browser on Wednesday and advised people to update their software.

The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.

The flaw was discovered by Internet Security Systems, a network protection company, and patched before the public learned of the issue, Hofmann said.

[nunobone]

yaiks.. is this true im using Mozilla Firefox v1.0 .......

unsa paman nindot na broswer that uses tabs coz this is one thing i like about Firefox.. and FF sux when you download something.. i.save ni og ".file" na extension.. ngeks. anyways.. unsa paman lain??

[endofall]

Opera is a good alternative for IE or Fx (firefox). you can browse using multi-tabs with it and as for downloading files Opera has a resume feature which i think makes the browser better.

[Hot Ice]

Bay try gamit og "Maxthon" browser bay kung gusto kag tabs. And just like firefox, maka add kag mga plugins..

http://www.maxthon.com

[darkhero]

any browser can be harmful basta dli updated.. mao kinghanlan i update para cgurado nga katong mga bugs nga pwede ma exploit remotely o locally mawala na.. ok ra man ang firefox basta updated lang permi.. miski internet explorer gani ok ra man.. _BASTA_ updated lang.... watch out particularly for _critical_ security updates sa inyong fav browser.. IMHO, depende naman na sa user kung unsa iyang paborito nga browser ba... btw, ang internet explorer naa nay tabs inig version 7

[endofall]

and now where talking about holes that can be exploited if left unpatched. I might as well advise those security sensitive users to visit this site for a Browser Security Test
+> http://bcheck.scanit.be/bcheck/

Hope it helps.

[darkhero]

and now where talking about holes that can be exploited if left unpatched. I might as well advise those security sensitive users to visit this site for a Browser Security Test
+> http://bcheck.scanit.be/bcheck/

Hope it helps.

thanks for the link bay.. gamit gyud kaayo na nga link da.. i didnt know naa diay site gihimo para ana...

[bekindtoedward]

tnx for the link

[Visual C#]

I've already upgraded to FF v1.0.6, as a patch to a still unpatched Windows vulnerability.

[Wind Shear]

I recommend na magupgrade mo sa Firefox as soon as narelease na ang bag-ong version. It is similar to 1.0.5 pero girestore ang API compatibility.