Internet Explorer Capable of Activating Firefox FlawIn an unusual attack involving browsers, Microsoft's Internet Explorer could help Mozilla's Firefox to become active and execute malicious code, as Vnunet.com published in news on July 13, 2007. When Firefox installs a protocol handler on the user's browser to handle 'firefloxurl://' instructions, the zero-day flaw in the browser uses the handler to launch the attack. If the user opens Internet Explorer to view a page that uses the 'firefloxurl', the browser would automatically activate Firefox and allow the execution of malicious software in JavaScript. While Mozilla is at developing a fix, organizations are urged to proactively lessen the risk to their networks by asking users to take care when they browse the web and to avoid un-trusted sites, said Paul Zimsky, director of market strategy at Patchlink, as reported by Vnunet. Companies need to use active scripting when surfing on Java browsers to restrict users from visiting malware-ridden sites. While IT administrators today have to handle three significant patches, they should deploy the fix on a priority basis to prevent the exploit at the time of its release, Zimsky said. Mozilla said that it hasn't found any instance of hackers exploiting the flaw. Although Mozilla and Microsoft do not have a fix right now, Mozilla said it would prepare the patch for the forthcoming 2.0.0.5 release. The patch would not let IE send Firefox malicious content. However, since Internet Explorer is a Microsoft application, Mozilla wouldn't be equipped to set right the IE catalyst. As Mozilla writes on its security blog, the important point to note is that while using Firefox to surf the Web, users wouldn't be vulnerable to this attack, if the same computer does not run the IE program on it. Technewsworld.com published this on July 11, 2007. This problem is easy to solve by using Firefox for browsing. But Secunia says the solution is in not browsing un-trusted sites with active IE. Well, there's still some ambiguity over which firm should arrange a patch for the particular flaw. According to some arguments, Secunia calls it Firefox vulnerability while SecurityFocus considers it as an Internet Explorer issue. Related article: Internet Threat Volumes Overwhelm Security Companies ยป SPAMfighter News - 7/25/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
