Bugs for Firefox, something old and something new
Subject: General Tech | February 8, 2007 - 05:28 PM | Jeremy Hellstrom
CNET reports on 2 vulnerabilities found in Firefox. The first is found in Firefox version 220.127.116.11 but fixed by 2.0, it uses a combination of the built in pop-up blocker and XMLHttpRequest to relay info about the system to a remote server. You can find the full description of the flaw by following the link to SecuriTeam on CNet.
The second flaw is a vulnerability in the phishing filter. By adding a second "/" after the domain, the phishing filter will not catch it. So www.pcper.com/evil would be caught and www.pcper.com//evil would not. I would suggest getting spoofstick and upping the maxversion value to be compatible with Firefox 2.
If you are unsure how to ... download the Firefox version of Spoofstick with Internet Explorer so you get an .XPI file. Open that .XPI file with your favorite compression software. View the install.rdf with Notepad and look for the "<em:maxVersion>1.6a2</em:maxVersion>" line. Bump the value up to 18.104.22.168 or 3.0 or whatever version takes your fancy, as long as it is at least as high as your version of Firefox. Close the file archive, saving changes and the updating the archive.
Now you are running Spoofstick again. Although this method will work with every extension, I can't guarantee it won't break them or Firefox ... except this one, as I have been using it for months with no issue.
"A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to
Both flaws were announced by SecuriTeam, a division of Beyond Security, this week. The first flaw lies in Firefox's pop-up
blocker feature, according to a SecuriTeam statement on Monday. The browser typically does not allow Web sites to access files
that are stored locally, according to the official report, but this URL permission check is superseded when a Firefox user has
turned off pop-up windows manually. As a result, an attacker could use this flaw to steal locally stored files and personal
information that might be stored in them."
Here is some more Tech News from around the web:
- Wi-Fi Penetration Tester In Your
Pocket @ Slashdot
- Windows Vista Upgrade Frustrations @
- PCI-SIG completes PCIe External Cabling 1.0
specification @ DigiTimes
- Windows Vista Week 2: The Week of FUD @ Digital
- Panasonic HDC-SD1 Review @ Digital Trends
opens Gmail to all @ CNET