If geeks love it, we’re on it

Exploit Code Chases Two Firefox Flaws

Exploit Code Chases Two Firefox Flaws

Two vulnerabilities in the popular Firefox browser have been rated “extremely critical” because exploit code is now available to take advantage of them.

The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday.

The two vulnerabilities, when combined, can be exploited, but no known cases have yet emerged where an attacker took advantage of the public exploit code.

One flaw involves “IFRAME” JavaScript URLs, which are not properly protected from being executed in the context of another URL in the history list.

“If you visit a malicious Web site, it can steal cookie information from other Web sites you had previously visited,” said Thomas Kristensen, Secunia’s chief technology officer. The attacker could then use that information to engage in identity theft or gain access to other password-protected sites that the victim visited.

Source: c|net

Comments

  1. Kwitko
    Kwitko Vulnerabilities in Firefox? Never! :rolleyes:

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!