nuttysocrates (![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} nuttysocrates) wrote,@ 2005-02-28 12:44:00 |
|
Welcome to the real world
They said that Mozilla and Firefox were above all security issues .. that they ushered in
an era of very safe browsing ---
Welcome to the real world ladies and gentlemen
Welcome to the real world ......
Mozilla, Firefox Open To Attack
By TechWeb News
Hackers can grab control of computers by taking advantage of vulnerabilities in both the Mozilla browser suite and the Firefox stand-alone browser, a security intelligence firm said Monday.
According to Reston, Va.-based iDefense, Mozilla 1.7.3 and Firefox 1.0 -- and likely all earlier versions as well -- include a "design error" that lets hackers create a memory heap overflow, which then allow remote code execution and a compromise of the system. Even a failed attempt to exploit this flaw could bring down the browser, added iDefense.
Mozilla characterized the problem as "high" on the severity chart, but "low" on risk, in part because it said a successful exploit was dicey. "Creating the exact conditions for exploitation--including running out of memory at just the right moment--is unlikely," Mozilla said in an online security advisory.
There is no patch -- not uncommon with Mozilla browsers -- and instead users are urged to update to the newest versions, which don't include the flaw. Mozilla 1.7.6 and just-released Firefox 1.0.1 are the recommended editions. Both can be downloaded from the Mozilla Foundation Web site.
iDefense has posted details on the vulnerability on its site.
They said that Mozilla and Firefox were above all security issues .. that they ushered in
an era of very safe browsing ---
Welcome to the real world ladies and gentlemen
Welcome to the real world ......
Mozilla, Firefox Open To Attack
By TechWeb News
Hackers can grab control of computers by taking advantage of vulnerabilities in both the Mozilla browser suite and the Firefox stand-alone browser, a security intelligence firm said Monday.
According to Reston, Va.-based iDefense, Mozilla 1.7.3 and Firefox 1.0 -- and likely all earlier versions as well -- include a "design error" that lets hackers create a memory heap overflow, which then allow remote code execution and a compromise of the system. Even a failed attempt to exploit this flaw could bring down the browser, added iDefense.
Mozilla characterized the problem as "high" on the severity chart, but "low" on risk, in part because it said a successful exploit was dicey. "Creating the exact conditions for exploitation--including running out of memory at just the right moment--is unlikely," Mozilla said in an online security advisory.
There is no patch -- not uncommon with Mozilla browsers -- and instead users are urged to update to the newest versions, which don't include the flaw. Mozilla 1.7.6 and just-released Firefox 1.0.1 are the recommended editions. Both can be downloaded from the Mozilla Foundation Web site.
iDefense has posted details on the vulnerability on its site.
