Network News

X My Profile
View More Activity

Exploits Released for Firefox, Mozilla Flaws

On Saturday, Security Fix warned readers that Mozilla had issued patches for nine security holes in its Firefox Web browser and its Mozilla Internet application suite.

Unfortunately, it appears security researchers have detailed exploits that show the bad guys how to take advantage of several of those flaws, according to a recent post from Finnish antivirus company F-Secure Corp.

The so-called "proof of concept" code was published today by, but we'll refrain from linking to it in this post. Securiteam demonstrated the exploits, which it dubbed "Firescrolling," "Fireflashing," "Firetabbing," and "Firedragging," saying they could allow attackers to take advantage of some of Firefox's most useful features to install spyware or other unwanted software. Researchers sometimes release proof-of-concept exploit code with the rationale that it will help system administrators better understand how attackers might use the flaws, but many in the security community say releasing exploit code at virtually the same time patches are made available to fix the problem is just plain irresponsible and only invites trouble.

It's a measure of Firefox's growing popularity as an alternative to Microsoft's Internet Explorer Web browser that more hackers and security experts are starting to look for and find security flaws in Firefox. While it's nice that Mozilla is fixing these problems quickly, proof of concept exploits like the ones released today for Firefox give the bad guys new means with which to install spyware and other invasive software on your machine through your browser. If you're using any of the affected Mozilla products, don't wait any longer to install these updates.

By Brian Krebs  |  April 17, 2005; 3:18 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple Issues 8 Security Updates for Mac OS X, Safari
Next: New Opera Browser Adds Security Features

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company