Exploits Released for Firefox, Mozilla Flaws
Unfortunately, it appears security researchers have detailed exploits that show the bad guys how to take advantage of several of those flaws, according to a recent post from Finnish antivirus company F-Secure Corp.
The so-called "proof of concept" code was published today by Securiteam.com, but we'll refrain from linking to it in this post. Securiteam demonstrated the exploits, which it dubbed "Firescrolling," "Fireflashing," "Firetabbing," and "Firedragging," saying they could allow attackers to take advantage of some of Firefox's most useful features to install spyware or other unwanted software. Researchers sometimes release proof-of-concept exploit code with the rationale that it will help system administrators better understand how attackers might use the flaws, but many in the security community say releasing exploit code at virtually the same time patches are made available to fix the problem is just plain irresponsible and only invites trouble.
It's a measure of Firefox's growing popularity as an alternative to Microsoft's Internet Explorer Web browser that more hackers and security experts are starting to look for and find security flaws in Firefox. While it's nice that Mozilla is fixing these problems quickly, proof of concept exploits like the ones released today for Firefox give the bad guys new means with which to install spyware and other invasive software on your machine through your browser. If you're using any of the affected Mozilla products, don't wait any longer to install these updates.
April 17, 2005; 3:18 PM ET
Categories: Latest Warnings
Save & Share: Previous: Apple Issues 8 Security Updates for Mac OS X, Safari
Next: New Opera Browser Adds Security Features
The comments to this entry are closed.