Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Critical updates for Firefox released

February 23rd 2007 in Uncategorized

Firefox has been updated to fix a major security flaw.  Updates have been released for Windows, Mac and Linux (being v.1.50.0.10 and 2.0.0.2).


The primary vulnerability addressed by this update is the location.hostname vulnerability.  It is a doozy, potentially allowing hackers to tamper with authentication cookies for third party sites, and control how Web sites are displayed and operate.  Phishers, in particular, would find this vulnerability very useful, because a user could be fooled into thinking they are connecting to their bank, when in fact it is a bad guy that is controlling what they see.


2.0.0.2 can be downloaded at www.getfirefox.com.  1.5.0.10 is available at http://www.mozilla.com/firefox/all-older.html


It should be noted that 1.5.0.x will only receive security and stability updates until 24 April 2007, then you’re on your own.


One comment to...
“Critical updates for Firefox released”

Sonic

Thanks for your information. Despite being “Queen of IE”, you are still willing to share the security information about Firefox. Well Done!


Ok, *this* vulnerability demo is good.  Unlike other IE7 vulnerabilities that have been reported that resulted in weird behaviour that made it obvious to all but the most unobservant user that something weird is going on, this one is pretty much impossible to spot.
That being said, to take advantage of the vulnerability you’re going to […]

Previous Entry

The stuff of nightmares…. of course, y’all know NOT to go out and buy IWRS, yes?

Next Entry