Thread: Firefox Exploit Targets Zero Day Vulns
View Single Post
Old 09-05-2005, 11:50   #1
Neil
.
 
Join Date: Jun 2003
Posts: 6,239
Neil has a bronze arrayNeil has a bronze arrayNeil has a bronze array
Neil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze arrayNeil has a bronze array
Firefox Exploit Targets Zero Day Vulns
Quote:
Originally Posted by El Reg
Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.

One vulnerability enables arbitrary JavaScript code with escalated privileges to be executed via a specially crafted JavaScript URL. Successful exploitation requires that a site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org"). This would normally drastically reduce the scope for mischief - but for a second security bug, involving "IFRAME" JavaScript URLs, which creates a means to execute arbitrary HTML and script code in the context of an arbitrary site.
More Info Here....
Neil is offline   Reply With Quote