Attack code published for Firefox flaw

By Joris Evers
Staff Writer, CNET News.com Published: September 22, 2005 10:26 PM PDT
Tools
Talkback
Print
Computer code that could be used to attack Firefox, Mozilla Suite and Netscape users has been released on the Internet. The release of the attack code comes days after Mozilla released an updated version of Firefox to fix several security flaws, including the bug exploited by the code. A fixed version of the Mozilla Suite is also available, but Firefox-based Netscape has yet to be updated. The Netscape browser is a product of Netscape, which is a division of Time Warner's America Online subsidiary. An AOL spokesman had no comment on Thursday.

The attack code exploits a vulnerability that was disclosed two weeks ago. The flaw lies in the way the browsers handle International Domain Names, or IDNs, which are Web addresses that use international characters. Hackers had been working to exploit the flaw and had said the code would be released after fixes were available. The exploit could let attackers run code remotely on vulnerable computers and works on Firefox, Mozilla and, in some cases, Netscape, according to security researcher Berend-Jan Wever, who published the code. Mozilla has urged users to upgrade to the latest versions of its products.

More from News.com on this story's topics

Security threats

 Create an email alert | RSS feed

Security

 Create an email alert | RSS feed

Web browsers

 Create an email alert | RSS feed

Time Warner

 RSS feed

See more CNET content tagged:
Netscape Communications Corp., Mozilla Corp., Firefox, Time Warner Inc., flaw

Add a Comment (Log in or register) 7 comments (Page 1 of 1)
FireFox sucks, use Opera!
by September 23, 2005 3:54 AM PDT
Opera's free and it has all the features that the doh!zilla foundation claims to have invented.

Dorkzilla is turning out to be worse the M$!

Download a real browser http://www.opera.com
Reply to this comment View all 3 replies
Yeah, then when Opera gets popular...
by Harfeld Bilgewing September 23, 2005 6:54 AM PDT
They'll post exploit code for it, too.

Everyone is waiting for a bulletproof browser. What we need are smarer surfers.
Reply to this comment
Opera not bulletproof
by Des Alba September 24, 2005 2:33 PM PDT
Check out securityfocus.com. I'm using Opera to post this. Opera is not nearly as popular as IE, Firefox or Netscape, YET. It has a lot of things going for it, true. It can emulate IE and Firefox, but the temptation to bug Opera will be too great for some people and malicious code is bound to follow, sooner, rather than later. Be aware! Run anti-spyware and anti-virus packages in the background, while browsing. Keep the other browsers on your PC as well. You will need them for certain things you'll want to do. Opera doesn't work on every site (i.e. Banking, Investing, YahooMusic) which require IE.
Reply to this comment
Powered by Jive Software
advertisement
RSS Feeds
Add headlines from CNET News.com to your homepage or feedreader.
Google
Yahoo
MSN
More feeds available in our RSS feed index.

Latest tech news headlines

Most Popular Stories
FCC approval suggests November Android debut
Apple willing to replace any smoking first-gen iPod Nanos
Debate rages over free wireless spectrum
Palm leaks Treo Pro photos and videos
Judge lifts MIT students' card-hacking gag order
Markets

Market news, charts, SEC filings, and more

Related quotes

Time Warner (-1.69%) -0.27 15.72
Dow Jones Industrials (-1.14%) -130.84 11,348.55
S&P 500 (-0.93%) -11.91 1,266.69
NASDAQ (0.00%) 0.00 1,816.15
CNET TECH (-1.39%) -22.86 1,626.36
  Symbol Lookup
advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On CHOW: What is liquid smoke?
Advanced
search
advertisementSave up to $300/year on phone bills
Advanced
search
Visit other CBS Interactive sites