Firefox 12 will be able to bypass UAC and possibly corporate security settings

Subject: General Tech | April 24, 2012 - 01:01 PM |
Tagged: UAC, security, firefox

One of the causes of the adoption of Google's Chrome browser in the workplace is that for the most part, since it installs under your user directory it can bypass the limited permissions on most business computers, letting the user install something without consulting IT.  This is a minor security concern as Chrome runs with limited permissions and is certainly not more inherently vulnerable than the old corporate standby, IE6.

According to The Inquirer Firefox will be starting to do something similar but with larger repercussions.  FireFox 12 will be whitelisted on UAC, allowing system level access to the program.  While this does mean that if they are successful users will be running up to date software and not require IT resources to upgrade FireFox every month or so, it also introduces a powerful attack vector for infections.  A silent FireFox update might not be from Mozilla and could instead be from malware online, creating a system vulnerability that the user is completely unaware of until obvious symptoms start to show, by which time it could be too late to stop the spread of an infection to the network or to clients machines.  The update is due out today, so keep a close eye on your FireFox installation for now.

 

images.jpg

"SOFTWARE DEVELOPER Mozilla will bypass Windows' user account control (UAC) to implement silent updating in its Firefox 12 web browser.

Mozilla's Firefox 12 is expected to be released today, and the outfit claims it will bypass Windows UAC in order to enable silent updating. Since Mozilla put Firefox on its rapid release schedule, it has put out new versions of the web browser every six weeks, leading some users to complain about the number of releases."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer