Multiple Mozilla flaws expose personal data

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open source browser.

Details of the nine vulnerabilities were published on Mozilla's security Web site over the weekend.

Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities stem from the way the applications handle JavaScript.

"There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious things to your computer," said Latter.

Latter said another issue could allow malicious scripts to gain access to random pieces of memory.

"This random memory may or may not contain pieces of information about where you have been browsing. The worst case scenario is that it could contain some personal or login information," said Latter.

According to the French Security Incident Response Team (FrSIRT), attackers can potentially run malicious code on a user's system because of a flaw in the Mozilla browser's pop-up blocker.

The FrSIRT advisory said: "When a popup is blocked the user is given the ability to open that one popup... If the popup URL were javascript: selecting 'Show javascript:...' from the infobar or popup blocking status bar icon menus would run the javascript with elevated privileges, which could be used to install malicious software".

Another of the Firefox flaws can be exploited when a user visits a Web page that requires a plug-in that has not already been installed. The FrSIRT advisory claims that if the browser's Plugin Finder Service is used to automatically find an appropriate plugin, the 'manual install' function can be used to "launch arbitrary code capable of stealing local data or installing malicious code".

All versions of Mozilla Suite prior to version 1.7.7 and all versions of Firefox prior to 1.0.3 are vulnerable.

Pure Hacking's Latter advises users to either disable JavaScript or download a patched version from Mozilla's Web site.

Talkback 3 comments

    Firefox is now as vulnerable a ...Anonymous -- 18/04/05

    Firefox is now as vulnerable as Internet Explorer :-(

    these flaws are really critical

    At last the world is starting ...Anonymous -- 19/04/05

    At last the world is starting to realise that firefox is not only no safer, but in fact, more "hackable" than IE.

    > At last the world is star ...Anonymous -- 19/04/05

    > At last the world is starting to realise that firefox is not only no safer, but in fact, more "hackable" than IE.

    Actually, IE is not "hackable" at all (unless you work for Microsoft). The source code for it is not available to the general public. So, you are correct on that point - FF is definitely more "hackable".

    As for "safer", don't fool yourself with fancy words. Security is a process, not a solution. One has to apply security measures constantly, as new ways of cracking software (bar things like qmail, which have never been penetrated) are found daily. This latest release of FF shows that. Fortunately, white hats have once again been faster than the black hats. Who knows, maybe it even has something to do with open source...

    The main problem remains the same, however. Microsoft aren't interested in security. They are interested in money out of your pocket for the new version of Windows, Office and whatever else. They only work on security related issues because they have to (bad press and some such). Otherwise, how many testers and programmers can $40G+ in the bank buy to fix IE? Lots. And yet, they have no intention of actually fixing design and implementation shortcomings of that browser.

    It is a shame that a handful of hackers that do FF have a better security record than Microsoft. By any measure, IE should be a much better tool than FF.
