Oh goody, another security hole

Subject: General Tech | July 26, 2007 - 11:54 AM |
Tagged:

This one comes to FireFox users in much the same way as the vulnerability that was patched last week, through the way Uniform Resource Identifiers are handled.  Last week's flaw involved URI's passed from IE, this week it has to do with the way FireFox, Netscape 9 and Mozilla handle them directly.  A patch is currently in the works, which you can read about on The Register.  This type of vulnerability will keep appearing when new URI's are added, which is going to keep happening with the growth of it's two subsets, Uniform Resource Librarys and Uniform Resource Names.

"Security researchers have disclosed a zero-day vulnerability in the latest version of Firefox that gives miscreants

complete control of Windows-based computers when the Mozilla browser visits a booby-trapped website.

The vulnerability resides in the way Firefox handles uniform resource identifiers, the protocols that allow the

browser to access software and other resources located on a PC. The browser fails to properly vet at least five

different URIs, a flaw that could allow an attacker to install malware on a PC simply by convincing a victim to click

on a doctored link."

Here is some more Tech News from around the web:

Tech Talk


Source: The Register
No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.