Firefox suffers first 'extremely critical' security hole
Posted: Wed 11 May 2005, 06:33
by babbs
FYI... I don't know if this problem is in Firefox alone or if it is in the Mozilla browser too...
-----
Firefox suffers first 'extremely critical' security hole
By Matthew Broersma
Techworld
09 May 2005
Firefox has unpatched "extremely critical" security holes and exploit
code is already circulating on the Net, security researchers have
warned.
The two unpatched flaws in the Mozilla browser could allow an attacker
to take control of your system.
<snip>
Full article at:
http://www.techworld.com/security/news/ ... ewsID=3619
Posted: Sun 22 May 2005, 11:02
by Ian
Just found this on the net.
The Mozilla Foundation on Wednesday shipped a new version of its flagship Firefox Web browser to patch a serious security hole that could put users at risk of computer takeover.
The flaw, which was discovered and reported by Internet Security Systems Inc., causes a buffer overflow because of the way GIF files are processed by Firefox.
Developed by CompuServe in the 1980s, the GIF format is widely used on the Web because of the improved file-compression features it offers.
"There have been no known exploits of the bug, but as Mozilla is committed to delivering the most secure product possible, we decided to quickly issue an update to patch the bug," said Chris Hoffman, director of engineering at Mozilla.
Did you read the comments at the bottom of that article? They got pretty heated in some parts, but some were funny.
Posted: Sun 22 May 2005, 12:36
by babbs
Staying on top of the exploits can be a full-time job. Here are a few of the Mozilla exploits that I could find (date posted -- description):
Sat 21-May-2005 -- Mozilla Firefox view-source:javascript url Code Execution Exploit
Sun 08-May-2005 -- Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit
Mon 18-Apr-2005 -- Mozilla Suite and Firefox "Link" Code Execution Exploit
Sun 17-Apr-2005 -- Mozilla Suite and Firefox "favicons" LINK Code Execution Exploit
Sun 17-Apr-2005 -- Mozilla Firefox Sidebar Code Execution Proof of Concept Exploit
All we can do is be aware and update as appropriate...