Sean Michael Kerner Blog
Firefox 3 at low/high risk from new flaw

From the "tomato, tom-ah-to" files:
Mozilla Firefox 3 is at risk from a new flaw that is currently unpatched. Whether the flaw is high or low risk depends on who you ask (or read).

This AM Radware issued a press release calling the vulnerability - critical. I contacted Mozilla and a few hours later they had an advisory up on their site calling the vulnerability - low risk.

Mozilla explains the vulnerability to be:

A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. As a mitigating factor, Firefox's session restore will allow a user to restart their browser and be taken back to where they left off.

The vulnerability requires that a user visits a malicious site with the malicious code on it, but as far as I can tell it does not require any further user interaction. In my book, any flaw that does not require user interaction is significant.

True, the impact is limited, and Mozilla notes that the issue is under investigation. But I hope that we see an incremental patch for this issue before I see a module for it up on Metasploit.

1 Comment
It's basically a way to get the browser to crash - not a big find. I've seen the crash reporter a few times using FF3. Doesn't mean it's a security issue unless it's an exploitable crash - I'm kinda surprised a security company didn't bother to look to see if it is a security issue before trumpeting it in a press release.