Newly discovered Firefox bugs 'extremely critical'.A pair of unpatched vulnerabilities in Mozilla's Firefox Web browser--rated as "extremely critcal" by one security firm--could allow an attacker to take control of a PC simply by getting a user to visit a malicious Web site, Mozila say.. Because proof-of-concept code has been leaked--as were the vulnerabilities--before a patch was ready, Mozila recommended that Firefox users either disable To turn off; deactivate. See disabled. JavaScript or lock down the browser browser Software that allows a computer user to find and view information on the Internet. The first text-based browser for the World Wide Web became available in 1991; Web use expanded rapidly after the release in 1993 of a browser called Mosaic, which used so it doesn't install additonal software, such as extensions or themes, from Web sites. The vulnerabilities were discovered by a pair of security researchers, who had notified Mozila earlier on, but were keeping mum until a patch was written. However, details of the vulnerabilities were leaked by someone close to one of the researchers. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Danish security vendor Secunia, which tagged the bugs with a highest "extremely critcal" warning--the first time it's used that to describe a Firefox flaw--a hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. can trick the browser into thinking a download is coming from one of the by-default sites permitted to install software automatically addons.mozilla.org or update.mozilla.org. "Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit," the Foundation announced on its security site. Specifically, Mozilia re-pointed the two update sites to a new URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. , and instructed users not to add that new site to their list of Allowed Sites. The change, however, only defends against the current proof-of-concept thats circulating cir·cu·late v. cir·cu·lat·ed, cir·cu·lat·ing, cir·cu·lates v.intr. 1. To move in or flow through a circle or circuit: blood circulating through the body. 2. , not the vulnerabilities themselves. While that reduced the risk of an immediate attack, Mozilla doesn't have control over the numerous sites that users might have added to the Allow, or whitelist, list. Popular plug-ins, called "extensions' by Firefox, could also be the root of attacks, since users must give an extension site installation permission. To close all possible doors, Mozilia recommended that users either disable JavaScript or turn off installation from Web sites. To disable Web site software installs, users can select Tools/Options/Preferences in Firefox 1.0.3, the current edition. Users can still install extensions or user interface themes manually by first downloading the file, then running them from Firefox's File menu. A security update--which will be dubbed dub 1 tr.v. dubbed, dub·bing, dubs 1. To tap lightly on the shoulder by way of conferring knighthood. 2. To honor with a new title or description. 3. Firefox 1.0.4--will be issued as soon as possible. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion