VinDSL writes:An exploit for the just-patched IDN bug in Mozilla's Firefox browser and namesake suite has been published on the Internet, a French security vendor said late Thursday. The hack creates a heap buffer overflow, and when it works, can give the user complete control of a vulnerable machine running Firefox, Mozilla, or even Netscape.
FrSIRT warned users of Firefox and Mozilla that the exploit code -- which FrSIRT published in its entirety, a not-uncommon practice for the firm -- should be considered a critical risk.
Tuesday, Mozilla patched the Firefox browser against the bug in its support of international domain names (IDN). Thursday, it followed up with a similar fix for the Mozilla suite in its Windows, Linux, and Mac OS X incarnations. Netscape, however, has not yet patched that browser.
Firefox 1.0.7 and Mozilla 1.7.12, which stymie the exploit, can be downloaded from the Mozilla site.
Source: informationweek.com/story/showArticle...
Related
Re: Firefox Exploit Ventures Into The Wild (Score: 1) |  | Yeah i knew about this but what makes it so funny is that everybody was always complaining about IE,but look at firefox now.. Im just talking about vunerabilities... |
| Re: Firefox Exploit Ventures Into The Wild (Score: 1) by Raven (raven (_AT_) ravenphpscripts (_DOT_) com) on Saturday, September 24, 2005 @ 22:08:42 CDT (User Info | Send a Message) | |
You're comparing apples and oranges. Compare by the number of exploits. |
| Re: Firefox Exploit Ventures Into The Wild (Score: 1) by hitwalker on Sunday, September 25, 2005 @ 07:05:57 CDT (User Info | Send a Message) | |
oh i wouldnt go that far, i just mean it also happens to firefox. it doesnt realy matter if IE has 500 bugs and firefox has 5,fact remeans that they are there. |
| Re: Firefox Exploit Ventures Into The Wild (Score: 1) by Raven (raven (_AT_) ravenphpscripts (_DOT_) com) on Sunday, September 25, 2005 @ 10:04:24 CDT (User Info | Send a Message) | |
Of course "they are there". All software has bugs. FF has never claimed to be perfect. What sets it and most other browsers apart from billIE is that it has about 95% less bugs, is standard compliant, is so much more secure, is easily extensible, and on and on. |
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
