Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Firefox exploit targets zero day vulns
John Leyden, The Register 2005-05-09

Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.

Comments Mode:
Firefox exploit targets zero day vulns 2005-05-09
Anonymous
Please be aware that Javascript is probably not the only solution. The IFRAME exploit requires the site to 'visit' the site in question, so Mozilla has been able to immediately change the method by which the updates site works and stop this affecting any users in the small interval before a fix is released.

See:

http://www.mozillazine.org/talkback.html?article=6582

http://forums.mozillazine.org/viewtopic.php?t=262520

if you are interested in seeing the facts on this issue.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11119/31810#31810
Firefox exploit targets zero day vulns 2005-05-09
TJ (4 replies)
Firefox exploit targets zero day vulns 2005-05-10
David Prinzing
Firefox exploit targets zero day vulns 2005-05-10
Anonymous (2 replies)
Firefox exploit targets zero day vulns 2005-05-10
C. Hollywood
Firefox exploit targets zero day vulns 2005-05-10
David Prinzing
Firefox exploit targets zero day vulns 2005-05-11
Aaron
Firefox exploit targets zero day vulns 2005-05-11
Anonymous
Firefox exploit targets zero day vulns 2005-05-10
Anonymous (2 replies)
Firefox exploit targets zero day vulns 2005-05-10
Anonymous (1 replies)
Firefox exploit targets zero day vulns 2005-05-13
TJ (1 replies)
Firefox exploit targets zero day vulns 2005-05-14
Aaron
Firefox exploit targets zero day vulns 2005-05-11
Coldman (2 replies)
Firefox exploit targets zero day vulns 2005-05-12
Anonymous (1 replies)
Firefox exploit targets zero day vulns 2005-05-13
Coldman
Firefox exploit targets zero day vulns 2005-05-12
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus