A New Firefox Bug Involves URL HandlingFollowing the emergence of another critical security hole in Firefox, Mozilla has released a patch for the flaw in its open-source browser. Sooner the newer versions of Microsoft's Internet Explorer (IE) and Mozilla's Firefox were released, hackers got busy to find fresh flaws in them. They posted information about a flaw with its details that could allow criminals to execute unauthorized software on a targeted system running Firefox. A bug relating to the URL protocol handling was found in the Firefox and Netscape browsers. Security researchers Nathan McFeters of Ernst & Young and Billy "BK" Rios of VeriSign Inc. on July 25, 2007 posted a proof-of-concept code to exploit the bug. Similar to the bug that Firefox 2.0.0.5 patched in the fourth week of July 2007 and another that Mozilla found on July 24 2007, this new Firefox vulnerability is in its way of using URLs that other applications pass to it. Both the flaws involve the process of handling URL. Though in the same handling process, the two errors are different, said Tyler Reguly, a security researcher engineer at nCircle Network Security. TMCnet published this in news on July 26, 2007. After McFeters and Rios provided the exploit code, Firefox had to launch a few local applications when IE7 running on Windows XP SP2 passed it to a defective URL. The researchers noted that the risk prevails only on computers having both IE7 and Firefox browsers in their active state. If an adept hacker uses the exploit code further for unethical reasons, then an affected PC could perform some dangerous acts. For instance, the hacker, with the help of a command-line FTP, could download a file with malicious features and then execute it. Mozilla's security chief, Window Snyder, said that first he thought the flaw was solely with IE, but soon he realized that the problem lay in Firefox as well. TMCnet published this on July 26, 2007. The URL handler continues to worry Firefox since the time security researcher Thor Larholm demonstrated how the interaction between Internet Explorer and Firefox could be exploited to allow illegal installation of software. Related article: A New "Blackmailing" Variant Creeps Around… » SPAMfighter News - 8/4/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
