Results 1 to 2 of 2

Thread: Critical flaw plagues Mozilla

  1. #1
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,044

    Critical flaw plagues Mozilla

    Security experts have found a critical flaw in the Mozilla browser, days after the disclosure that the Firefox browser was vulnerable to phishing scams.

    The flaw is in the browser's handling of the Network News Transfer Protocol (NNTP), which is used to post and distribute Usenet messages. All Mozilla browsers before version 1.7.5 have the flaw.

    In order to exploit the flaw hackers would have to craft a long news:// address and which would crash the application and possibly allow code to be inserted onto the target machine.

    "I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine," said Maurycy Prodeus, from security firm iSEC security research.

    "On my RedHat 9.0 with Mozilla 1.7.3 attached proof of concept code overflows the buffer using attacker-supplied data. I decided to make this bug public because Mozilla Team hasn't warned users."

    Mozilla recommends users upgrade their browsers to the latest version (found at http://www.mozilla.org/products/mozilla1.x/) to solve the problem.

    vnunet

    =========== Please Read The Forum Rules ===========

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    So basically keep it updated and this problem is no issue?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •