Firefox 12 will be able to bypass UAC and possibly corporate security settings
Subject: General Tech | April 24, 2012 - 01:01 PM | Jeremy Hellstrom
Tagged: UAC, security, firefox
One of the causes of the adoption of Google's Chrome browser in the workplace is that for the most part, since it installs under your user directory it can bypass the limited permissions on most business computers, letting the user install something without consulting IT. This is a minor security concern as Chrome runs with limited permissions and is certainly not more inherently vulnerable than the old corporate standby, IE6.
According to The Inquirer Firefox will be starting to do something similar but with larger repercussions. FireFox 12 will be whitelisted on UAC, allowing system level access to the program. While this does mean that if they are successful users will be running up to date software and not require IT resources to upgrade FireFox every month or so, it also introduces a powerful attack vector for infections. A silent FireFox update might not be from Mozilla and could instead be from malware online, creating a system vulnerability that the user is completely unaware of until obvious symptoms start to show, by which time it could be too late to stop the spread of an infection to the network or to clients machines. The update is due out today, so keep a close eye on your FireFox installation for now.
"SOFTWARE DEVELOPER Mozilla will bypass Windows' user account control (UAC) to implement silent updating in its Firefox 12 web browser.
Mozilla's Firefox 12 is expected to be released today, and the outfit claims it will bypass Windows UAC in order to enable silent updating. Since Mozilla put Firefox on its rapid release schedule, it has put out new versions of the web browser every six weeks, leading some users to complain about the number of releases."
Here is some more Tech News from around the web:
- HTC plans to develop customized processors @ DigiTimes
- ARM profits rise 22 per cent as margins increase @ The Inquirer
- Windows 8 Release Preview is coming 'first week of June' @ The Inquirer
- Microsoft lobs out first Skype for Windows Phone @ The Register
- Plumbers of the interwebs vow to kill IP hijacking @ The Register
- AMD Confirms Drop of Monthly Driver Support for Radeon HD 2000-4000 Series @ NGOHQ
- Sophos study finds that one fifth of Macs carry malware @ The Inquirer
- The TR Podcast 110: The lowdown on Ivy Bridge and her mobos