Mozilla flaws could allow attacks, data access

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Details of the nine flaws were published on Mozilla's security Web site over the weekend.

Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript.

"There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious things to your computer," Latter said.

Another issue could allow malicious scripts to gain access to random pieces of memory, he said.

"This random memory may or may not contain pieces of information about where you have been browsing. The worst-case scenario is that it could contain some personal or login information," said Latter.

On Monday, security advisory firm Secunia issued a "highly critical" rating on the flaws found in Mozilla Firefox 0.x and 1.x versions. Secunia posted its advisory on eight of the flaws.

According to the French Security Incident Response Team, attackers could run malicious code on a user's system because of a flaw in the Mozilla browser's pop-up blocker.

An advisory from the French group said, "When a pop-up is blocked, the user is given the ability to open that one pop-up...If the pop-up URL were JavaScript: selecting 'Show JavaScript:...' from the infobar or pop-up blocking status bar icon menus would run the JavaScript with elevated privileges, which could be used to install malicious software."

Another of the Firefox flaws can be exploited when a user visits a Web page that requires a plug-in that has not already been installed. The French advisory claims that if the browser's Plug-in Finder Service is used to automatically locate an appropriate plug-in, the "manual install" function can be used to "launch arbitrary code capable of stealing local data or installing malicious code."

All versions of Mozilla Suite prior to version 1.7.7 and all versions of Firefox prior to 1.0.3 are vulnerable.

Pure Hacking's Latter advises users to either disable JavaScript or download a patched version from Mozilla's Web site.

Munir Kotadia of ZDNet Australia reported from Sydney.

[TheMidnightCoder]

Somehow it must still be M$ fault, right?

Where are you OSS guys now...

[aabcdefghij987654321]

Open Source = Peer Review

Step 1: search bugzilla database
Step 2: write article
Step 3: profit!

Ha Ha Ha Ha.

Reality sucks, doesn't it

[alegr]

Firefox is like a sieve!

Folks,

Download Firefox sources, search for 'sprintf', and behold the wonders of buffer overflows! Pick any 'sprintf' call and figure out how to exploit it.
I haven't even looked for 'strcpy' and 'strcat' flaws yet.

[System Tyrant]

No.

They've already got a fix for it.

[M C]

Story mistitled -- should be "Mozilla patches flaws"

This kind of reporting is irresponsible. The reporter has actually withheld information vital to the readers: that a patch has been in existence for days.

Then, at the very end of the article it alludes in the weakest possible terms to the existence of a patch. Readers who get googly-eyed by the techincal stuff in the body of the article will miss it entirely, possibly causing them to run unpatched and vulnerable.

CNet, why don't you try and HELP the computing community sometime?

still not enough to switch to IE

I still think the open method will prevail over anything M$ can buy.

6 Years in Making and Still...

6 Years in Making (from a failed project's source codes aka netscape & mozilla) and Still Does not Work! Stallman & CO, said its will be flawless, solid, best, what happend ?

Get Life, Get IE.
www.microsoft.com/windows/IE

[unknown unknown]

They've been patch why report on them now? (not text)

<EOM>

[System Tyrant]

I would like to thank...

Scott Graham for his link. I went over to Secunia to view the 3 non critical Firefox bugs and stayed to view the many more unfixed non critical and critical bugs that IE has left unpatched. I would suggest anybody who wants to learn more go on over there and take a look

http://www.secunia.com

[Kelson]

So why not focus on the fix instead of the risk?

If people don't update, maybe it's because (a) they don't realize it's important, and (b) they don't realize the fix is available. Stories like this have the opportunity to inform people on both counts. But this story actually manages to *hide* the fact that the update is available. Even allowing for sensationalism, something like "Firefox Security Holes Found, Fixed" with a sidebar pull-out of "Update to 1.0.3 to be protected" could succeed at both sensationalism and responsible reporting.