Can I subscribe to information on new tests?
(OT) Critical Flaw Found in Firefox
Hello Guest		   
  • Login
• Register…
• Start blog		   • Who, Where, When
• What is interesting here?
• Duels		   • Polls
• Avatars
• Interests		   • Cities and Countries
• Random blog
• Users search		   • Search
• Games
• Tests
• GYXU		   • Ñîîáùåñòâà
• Talxy Chat
• Horoscope
• Online		  
Register!
GYXU > Pro Wrestling > (OT) Critical Flaw Found in Firefox 10 May 2005 07:40:39
  Recent blog posts: 
Hi!
Hi! I am Kate from Ukraine! I don't now, everything about this website. Also I dodn't know english very…

...
http://gyxu.com/p/lo­­gin.cgi?r=http­://www­.winxclu­b.com/

ONOTOLE NEGODUE
Blin, nu zaipali trabli s ssilkami.Zaxozu kuda to - BAZ! i ja snova gostj.Vxozu i vse norma,no…

Sri Lanka Vs West Indies
Sri Lanka won the first match by more than 100 runs…this is first in West Indies. .unfortunately after…

Blog Feed
http://feeds.feedbur­­ner.com/Tumble­weedRe­altyMaui

:-)
:-)­

...


...





  Forums:   
    topic feeds

• GYXU  all topics, blogs and comments

• General

• F1, Indy, Nascar, Rally

• Baseball

• Basketball

• Boxing

• Football

• Soccer

• Hockey

• Rugby

• Tennis

• Pro Wrestling

• Billiard

• Cycling

• Boats

• Kites, widsurfing, waterski

• Diving

• Skiing

• Cricket

• Golf

• Skating

• Buy / Sell

• Anonymous
  Discuss: 
[comics] Good news everyone!
Actually it looks like it's old news, but I just found out anyway. Anyone who can't speak French (i.e…

[AWARDS] Best Babyface [05/48]
Best Babyface Award Description: To be given to the person who best…

[AWARDS] First, some general…
First, some general comments... This document is copyright 2008 by Christopher Robin Zimmerman. All…
  Recent forum topics: 
Hoffman's High Hemologin Values
Does any of our Scandinavian friends know about Christian Hoffman being recently banned from racing for…

Jay Turberville defends Berndt…
Rational poster >> That is clearly the intended NEGATIVE interpretation of of Jihad…

Steel bolts and nuts for Ultima…
The now discontinued Jackson Ultima Matrix mounts (for removable figure skating blade runners) held the…
  Recent forum comments:
RE: Re: Drugs -Cycling and Market…
Carl Douglas wrote: I think you might be jumping to illogical conclusions. I'm not opposed to…

RE: Season opener?
On Mar 19, 7:07pm, garystanislaw...@gm­ail.com wrote: Hey thats great! hope to see you out…

RE: Season opener?
On Mar 20, 8:24am, Zephyr <davedejo...@hotmai­l.com> wrote:

RE: Season opener?
I sail Cass sometimes before jet ski season, but not sure if it's open yet. Maybe I'll see you there…

RE: Hoffman's High Hemologin Values
On Mon, 23 Mar 2009 08:49:37 -0700 (PDT), ADK Skier <lgsumr@yahoo.com> wrote: Kikkan Randall…

RE: Hoffman's High Hemologin Values
I'll stay out of that one. Some February lab test results - in the midst of races - showed my…

RE: Hoffman's High Hemologin Values
ADK Skier wrote: The real problem wasn't a high hemo value, but the wrong ratio between what I…

RE: Hoffman's High Hemologin Values
On Mar 23, 3:11pm, Terje Mathisen <"terje.mathisen at tmsw.no"> wrote: Thanks Terje…

RE: Worn Rotefella Boots
Neil wrote: Yes indeed! Normally it was sufficient to press the binding further down, i.e. tighten…

RE: Worn Rotefella Boots
Thanks for the suggestion. Looking at the boot tip in the cold light of day, the rubber is worn and the…
  Ìîäåðàòîð:
 Administrator

(OT) Critical Flaw Found in Firefox

~~ 10 May 2005 07:40:39
 http://story.news.ya­hoo.com/news?tmpl=st­ory&cid=1093&e=1&u=/­pcworld/120756


Firefox has unpatched "extremely critical" security holes and exploit
code is already circulating on the Net, security researchers have
warned.
ADVERTISEMENT
click here

The two unpatched flaws in the Mozilla browser could allow an attacker
to take control of your system.

A patch is expected shortly, but in the meantime users can protect
themselves by switching off JavaScript. In addition, the Mozilla
Foundation has now made the flaws effectively impossible to exploit by
changes to the server-side download mechanism on the
update.mozilla.org and addons.mozilla.org sites, according to security
experts.

The flaws were confidentially reported to the Foundation on May 2, but
by Saturday details had been leaked and were reported by several
security organizations, including the French Security Incident
Response Team (FrSIRT). Danish security firm Secunia marked the
exploit as "extremely critical", its most serious rating, the first
time it has given a Firefox flaw this rating.

In recent months Firefox has gained significant market share from
Microsoft's Internet Explorer, partly because it is considered less
vulnerable to attacks. However, industry observers have long warned
that the browser is more secure partly because of its relatively small
user base. As Firefox's profile grows, attackers will increasingly
target the browser.
Two Vulnerabilities Found

The exploit, discovered by Paul of Greyhats Security Group and Michael
"mikx" Krax, makes use of two separate vulnerabilities. An attacker
could create a malicious page using frames and a JavaScript history
flaw to make software installations appear to be coming from a
"trusted" site. By default, Firefox allows software installations from
update.mozilla.org and addons.mozilla.org but users can add their own
sites to this whitelist.

The second part of the exploit triggers software installation using an
input verification bug in the "IconURL" parameter in the install
mechanism. The effect is that a user could click on an icon and
trigger the execution of malicious JavaScript code. Because the code
is executed from the browser's user interface, it has the same
privileges as the user running Firefox, according to researchers.

Mozilla Foundation said it has protected most users from the exploit
by altering the software installation mechanism on its two whitelisted
sites. However, users may be vulnerable if they have added other sites
to the whitelist, it warned.

"We believe this means that users who have not added any additional
sites to their software installation whitelist are no longer at risk,"
Mozilla Foundation said in a statement published on Mozillazine.org.


Add comment
 

Add new comment

As:
Login:  Password:  
 
 
  
 
respect your talk pals, avoid using obscene language, typing entire messages in CAPS, posting buy/sell ads or violating netiquette or the RF Criminal Code..

GYXU > Pro Wrestling > (OT) Critical Flaw Found in Firefox 10 May 2005 07:40:39
see also:
Philip Rivers, MVP
Over the last 6 years - what CF program…
pass tests:
see also:
:-)
Sri Lanka Vs West Indies
  Copyright © 2001—2009 GYXU
Idea: Miñhael Monashev
See Help and FAQ in the community support.gyxu.com.
Write in the community about the bugs you have noticedbugs.gyxu.com.
Write your offers and comments in the communities suggest.gyxu.com.
Information for parents.
Write us at:
If you would like to report an abuse of our service, such as a spam message, please .