Small security hole in Firefox 0.9
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4127
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
:: Quote ::
Three new branches have been created for Firefox, Thunderbird, and the original Mozilla suite, in order to fix an external windows protocol handler bug. The new version numbers are Firefox 0.9.2, Thunderbird 0.9.2, and Mozilla 1.7.1. neowin.net


You can download the new Firefox 0.9.2 directly by clicking this link: Mozilla.org

:: Quote ::
Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the "shell:" scheme, which execute arbitrary code under Windows without the user having to click a link. eweek.com


However, I believe that this is an error in the reporting, it sounds like you need to click the link:

:: Quote ::
When the user clicks on the link, it opens an "open/save" dialog box in which the user is allowed either to run the program, save it to disk or cancel. Mozilla and Firefox simply run the program without any further user action. <eweek>


An old discussion on bugzilla:
:: Quote ::
This is very important to be fixed ASAP with the recent windows xp flaw that
allows an hcp protocol request to delete any file on your hard disk, wildcards
allowed. See bug 172498 for an explanation. Note: that bug was marked as a
dupe of this broader one. bugzilla.mozilla.org


It's a Windows XP bug, but Firefox can be used to take advantage of it.

Version 0.9.2 contain the fix, but you don't need to install 0.9.2 apparently for that fix, it's a tiny download (1 kB) here.

Apparently only affects Windows XP, not Windows XP SP2 though. As usual, Mac OS X and Linux users have nothing to worry about, although Mozilla did have some security issues on Unix recently.

All it does is shut off the ability to run 'shell:', which Mozilla had thought about turning off by default but left on for some reason. Happily not a structural flaw or anything as far as I can see.

To see if your Firefox browser is properly patched, you can visit this page, if you only see the one link <Click to show file> it's patched, if you see several other ones, including <Clicking this could crash your system!!!>, it's not.

These are good things to work out before the 1.0 release I think, since security is one of the questions driving this thing, it's good to see this kind of testing happening, also nice to see how simple the fix is.

Now that Firefox is entering the big leagues things like this will probably have to be taken a bit more seriously.

And here's a really critical new development:
:: Quote ::
Future versions of Mozilla Firefox will include automatic update notifications, which will make it even easier for users to be alerted to security fixes.mozilla security shell

Back to top
Display posts from previous:   

All times are GMT - 8 Hours