diTii.com Digital News Hub


Nov 19, 2007

Mozilla to patch 9-month-old Firefox bug

Mozilla Corp. will patch Firefox against a nine-month-old protocol handler bug, its chief security executive announced Friday, after researchers demonstrated that the vulnerability was more serious than first thought.

The bug is another Uniform Resource Identifier (URI) protocol handler flaw, and the news of an impending fix comes on the heels of Microsoft patching Windows to repair problems in the handlers it registers. Protocol handlers — “mailto:” is among the most familiar — let browsers launch other programs such as an e-mail client through commands embedded in a URL.

But Firefox’s jar: protocol handler (the “.jar” extension stands for Java ARchive, a ZIP-style compression format) does not check that the files it calls are really in that format. Attackers can exploit the flaw by uploading any content — malicious code, for example, or a malformed Office document — to a Web site, then enticing users to that site and its content with a link that includes the jar: protocol. Because the content executes in the security context of the hosting site, if that site (e.g., a commercial photo sharing service) is trusted, then the malicious code runs as trusted within the browser too.
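A hosting-side check that follows from the paragraph above, as an added example (not code from the article or from Mozilla): a site that accepts user uploads can refuse any file that opens as a ZIP/JAR archive, whatever its name or declared type. The allowed-type list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: a hypothetical upload endpoint that only accepts images.
ALLOWED_TYPES = {"image/jpeg", "image/png", "image/gif"}


def archive_members(data: bytes) -> list[str]:
    """Return member names if data opens as a ZIP/JAR archive, else []."""
    buf = io.BytesIO(data)
    # is_zipfile looks for the end-of-central-directory record at the END of
    # the data, so leading non-ZIP bytes do not hide an archive from it.
    if not zipfile.is_zipfile(buf):
        return []
    try:
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        # Directory record present but archive damaged: still archive-like.
        return ["<unreadable archive>"]


def review_upload(declared_type: str, data: bytes) -> tuple[bool, str]:
    """Decide whether to store an upload; returns (accepted, reason)."""
    if declared_type not in ALLOWED_TYPES:
        return False, "content type not allowed"
    members = archive_members(data)
    if members:
        return False, f"archive structure found ({len(members)} member(s))"
    return True, "ok"


def _sample_zip() -> bytes:
    """Constructed sample: an archive holding one harmless text file."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("note.txt", "constructed sample")
    return out.getvalue()


# Constructed sample inputs (not taken from the article).
PLAIN_IMAGE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64   # no archive structure
RENAMED_ZIP = _sample_zip()                          # archive sent as an image
PREFIXED_ZIP = b"\x89PNG\r\n\x1a\n" + _sample_zip()  # archive after other bytes

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN_IMAGE), ("renamed", RENAMED_ZIP),
                        ("prefixed", PREFIXED_ZIP)]:
        print(label, review_upload("image/png", blob))
```

The check inspects the bytes themselves because the file name and the declared content type are both supplied by the uploader.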


Firefox, Protocol, Exploit, Vulnerability, Mozilla, Browser, Patch
