CastleCops, Internet Crime Fighters
Browsers: Two Critical Vulnerabilities Discovered in Firefox Browser
Security Hole
cj writes "Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

Critical: Extremely critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 1.x

1) The problem is that IFRAME JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.

Excerpt from Secunia "
Posted on Sunday, 08 May 2005 @ 12:32:06 UTC by Paul (1374 reads)
Re: Two Critical Vulnerabilities Discovered in Firefox Browser (Score: 1)
by woodsmoke  on Sunday, 08 May 2005 @ 20:01:32 UTC
Oh, for those heady, halcyon days of that boy wonder building his first apple in the garage and the beginnings of DARPA net. The righteous indignation about SELLING information..... aaahhh yes those halcyon days. If there is any evidence that there truly are evil people who just don't care about you or me, or whether you or I live or die, or whether your or my loved ones do..... The nail in the coffin of boys (girls too) just being boys has to be that Firefox has finally been hacked big time. The days of thinking those folks that burn condos because of precious trees and just sell a joint here and there for the good of mankind's enlightenment or the whiz kid, he's ok really, just having fun hacking the local bank's records; is all put to the lie when a not for profit, for the good of mankind program like Firefox is hacked. There really are people who really are evil. And, just maybe that good ol' boy or good ol' girl who wink, wink, nudge, nudge wants to do something edgy like hack into big bad ol' government's computers isn't so tame after all..... Ah, for the halcyon days..... And.... remember this when you fly next time..... IBM is going to start using Linux for its servers...... wonder if those good ol' boys just hackin' in a little on Firefox are practicing for bigger things...... Ah for the halcyon days..... :cry:



Re: Two Critical Vulnerabilities Discovered in Firefox Browser (Score: 1)
by AplusWebMaster  on Monday, 09 May 2005 @ 04:34:15 UTC
http://www.apluswebmaster.net/
See:

Firefox 1.0.3 Alternate Workaround
- http://castlecops.com/p541003-Firefox_v1_0_3_exploit_released.html#541003



 