
[ISN] Exploit heightens risk from old Firefox flaw

Subject: [ISN] Exploit heightens risk from old Firefox flaw
Date: Thu, 7 Jul 2005 01:46:04 -0500 (CDT)
http://news.com.com/Exploit+heightens+risk+from+old+Firefox+flaw/2100-1002_3-5776978.html

By Joris Evers
July 6, 2005 

Computer code that could be used to attack systems with older versions
of Firefox has been released on the Internet, security experts have
warned.

The exploit code takes advantage of a security vulnerability in
Firefox 1.0.1 and earlier versions of the open-source Web browser, the
French Security Incident Response Team, or FrSIRT, said in an advisory
posted Wednesday.

The bug exists because of an error in the way the older versions of
Firefox handle GIF images. An attacker could gain control of a PC by
luring the user to a Web page or sending an e-mail containing a
specially crafted image, according to FrSIRT, which rates the issue
"critical."

Only Firefox 1.0.1 and earlier are vulnerable. The image-parsing
problem was fixed in Firefox 1.0.2, which was released in March. Since
then, two more Firefox updates have been released, mostly to address
security issues. The most recent version is Firefox 1.0.4, which was
released in May.

Because the security bug was quashed more than three months ago, the
exploit release is less of a concern, said Michael Sutton, a lab
director at security company iDefense. "Given the length of time
during which patches have been available, I would consider the release
of this exploit to be a credible threat, but not critical," he said.

A representative for the Mozilla Foundation, the maker of Firefox,
said most of the browser's users have upgraded to version 1.0.4.  
Mozilla encourages people to check for updates regularly and update
their browser when a new version is available, the representative
said.
 
Since the debut of Firefox 1.0 in November, its usage
has grown at a rapid pace. Security has been a main selling point for
Firefox over Microsoft's rival Internet Explorer. The number of
downloads of the software is close to passing the 70 million mark,
according to the download counter on the Spread Firefox Web site. That total
represents downloads of all versions, so it doesn't necessarily
represent individual users.

Firefox has demonstrated that the mature Web browser market, dominated
by Internet Explorer, can be shaken up. IE has begun to see its market
share dip slightly--a first in a number of years. Firefox U.S. usage
share reached nearly 7 percent at the end of April, according to
tracking company WebSideStory.

Copyright ©1995-2005 CNET Networks, Inc. All rights reserved. 


