BROWSER SECURITY ALERT: Mozilla Firefox Code Execution Vulnerabilities Found
An advisory has been issued at Secunia.com concerning two vulnerabilities within Firefox. I just thought it important to let all my readers know. Here are the details:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").
A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.
2) Disable software installation: Options --> Web Features --> "Allow web sites to install software"
NOTE: A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of vulnerability 1 and 2 to execute arbitrary code in the default settings of Firefox.
Sources: Secunia.com | Mozilla Security Advisories