
Firefox Down With Critical Flaw In JavaScript

Mozilla has reported a flaw in JavaScript. The flaw in Mozilla's open source Firefox browser arises because webpages can use JavaScript to duplicate keystrokes into file upload fields, for example, by shifting the focus between the entry fields in forms between onKeyPressed and onKeyDown events. File upload form fields get extra protection so that scripts cannot select files automatically and send them to the Internet. But this protection can be bypassed.

Security firm Symantec Corporation agreed on the issue. In an alert sent to subscribers of its DeepSight threat system, it stated that successful exploitation of this flaw might permit remote attackers to execute arbitrary machine code in the context of the affected application.

Zalewski said in his report that the flaw affects the latest editions of Firefox for all key PC platforms. He reported that the attack could be carried out by luring a user to open a specially crafted HTML file which hosts JavaScript code to exploit the vulnerability.

Mozilla's bug-tracking system Bugzilla rated the flaw as 'critical', second on the priority list. The flaw has been demonstrated only as proof-of-concept code, and Mozilla has received no reports of active exploits yet.

The flaw in JavaScript came to light on the same day that Mozilla launched its update for Firefox (this update doesn't address the flaw in JavaScript). Mozilla, along with the US Computer Emergency Readiness Team, requested users to disable JavaScript in Firefox to mitigate the flaw.

There is one more unpatched Zalewski-discovered flaw in the latest editions of the browser. This flaw could prove to be a boon for the cyber criminals running phishing scams.

Daniel Veditz of Mozilla security said in an e-mail to ComputerWorld that it's important that they give the security patches to their users.

Mozilla released the security patches in Firefox 1.5.0.10 and 2.0.0.2 on February 23, 2007. Firefox 2.0.0.2 is available in 36 languages and can be downloaded from Mozilla's website in editions for Mac OS X, Windows and Linux. Also, users can update their existing versions with the 'Check for Updates' option in the Help menu.
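For administrators who want to know which clients still run a build older than the two fixed releases named above, the following added example (not from Mozilla or the original article) classifies Firefox User-Agent strings from proxy or web logs. The log layout, the sample lines and the category names are constructed assumptions.

```python
import re
from collections import Counter

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(1, 5): (1, 5, 0, 10), (2, 0): (2, 0, 0, 2)}
UA_RE = re.compile(r"\bFirefox/(\d+(?:\.\d+){1,3})")

def firefox_version(user_agent):
    """Return the Firefox version as a 4-tuple of ints, or None."""
    m = UA_RE.search(user_agent)
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad "1.0.7" to 1.0.7.0

def classify(user_agent):
    v = firefox_version(user_agent)
    if v is None:
        return "not-firefox"
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return "patched" if v >= fixed else "vulnerable"
    # Assumption: releases after 2.0.0.2 carry the fix; the article
    # names no fixed build for branches older than 1.5.
    return "patched" if v > FIXED[(2, 0)] else "no-fix-listed"

# Constructed sample lines in an assumed layout: client address, quoted UA.
SAMPLE_LOG = [
    '192.0.2.10 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"',
    '192.0.2.11 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2"',
    '192.0.2.12 "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9"',
    '192.0.2.13 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10"',
    '192.0.2.14 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.15 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"',
]

def audit(lines):
    """Count classifications; the UA is taken as the last quoted field."""
    counts = Counter()
    for line in lines:
        ua = line.rsplit('"', 2)[1] if line.count('"') >= 2 else ""
        counts[classify(ua)] += 1
    return dict(counts)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

User-Agent headers are supplied by the client, so the result is a triage list for follow-up rather than proof of the installed version.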

Related article: Firefox Gets Vulnerable With JavaScript

» SPAMfighter News - 3/8/2007
