Mozilla Firefox Two Vulnerabilities

[AlbertPacino]

<CENTER>

</CENTER>

Description:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
<ul>

1. The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.
2. Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

[/list]
Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.

<font color="#FF0000">NOTE:</font> Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.

<font color="#33CC00">Solution:</font> Disable JavaScript.

Source

 

[Rockyme2002]

Thanks for the info m8

 

[Apex]

disabled javascript and software install in firefox..
hopefully i'm safe now

 

[~HeadShot~]

Good info there, mate!
Will secure my FF right now!

 

[AlbertPacino]

This is the 1st Extremely critical Vulnerability in the history of Firefox,luckily the cure is easy & the update (1.0.4) will be available soon,but its very important to follow the steps by disabling "allow website's to install" & or "disabling Java script" this exploit can seriously damage your comput,just be aware.

 

[undertaker]

Hmm... I am veering towards Maxthon now.FF becoming too buggy for me.On certain pages,scrolling though heavy images takes up 100% cpu resources on my xp 2500+,in maxthon the cpu usage never touches 20% for the same site.