Internet Explorer Capable of Activating Firefox Flaw
In an unusual attack involving browsers, Microsoft's Internet Explorer could help Mozilla's Firefox to become active and execute malicious code, as Vnunet.com published in news on July 13, 2007.
While Mozilla is at developing a fix, organizations are urged to proactively lessen the risk to their networks by asking users to take care when they browse the web and to avoid un-trusted sites, said Paul Zimsky, director of market strategy at Patchlink, as reported by Vnunet.
Companies need to use active scripting when surfing on Java browsers to restrict users from visiting malware-ridden sites. While IT administrators today have to handle three significant patches, they should deploy the fix on a priority basis to prevent the exploit at the time of its release, Zimsky said.
Mozilla said that it hasn't found any instance of hackers exploiting the flaw. Although Mozilla and Microsoft do not have a fix right now, Mozilla said it would prepare the patch for the forthcoming 18.104.22.168 release. The patch would not let IE send Firefox malicious content. However, since Internet Explorer is a Microsoft application, Mozilla wouldn't be equipped to set right the IE catalyst.
As Mozilla writes on its security blog, the important point to note is that while using Firefox to surf the Web, users wouldn't be vulnerable to this attack, if the same computer does not run the IE program on it. Technewsworld.com published this on July 11, 2007.
This problem is easy to solve by using Firefox for browsing. But Secunia says the solution is in not browsing un-trusted sites with active IE. Well, there's still some ambiguity over which firm should arrange a patch for the particular flaw. According to some arguments, Secunia calls it Firefox vulnerability while SecurityFocus considers it as an Internet Explorer issue.
Related article: Internet Threat Volumes Overwhelm Security Companies
» SPAMfighter News - 25-07-2007