|
Home Forum Radio Memberlist Help Search Quick Links | |
| Forum Index » Internet » Security Alerts and vulnerabilities » Multiple Vulnerabilities in Mozilla Firefox, Netscape |
| Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here.. |
 |
 |
|
Thread Tools | Display Modes |  |
|
#1
09-23-2005, 09:56 PM
|
||||
|
||||
|
Situation:
Vulnerabilities have been discovered in the widely distributed browsers Firefox and Netscape. Additionally, code exploiting one of these vulnerabilities has been published. Description: Multiple vulnerabilities have been discovered in Netscape and Firefox browsers which may allow users visiting malicious websites to become compromised with spyware or Trojan horse software. In total, 9 vulnerabilities present in versions Firefox 1.0.6 and prior; Mozilla Suite version 1.7.11 and prior; and Netscape 8.0.3.3 and prior have been discovered and published. Exploit code specifically exists for the "IDN Host Remote Buffer Overflow Exploit". This exploit plays on the browsers ability to handle country domain suffixes (e.g. .uk). Greater detail on the exploit code and summarization of the 9 vulnerabilities can be found at the French Security Incident Response Team, the original publishers of the vulnerability and exploit code: http://www.frsirt.com/english/advisories/2005/1824 Potential Risk: Browsing with unpatched, vulnerable browsers to web sites configured with malicious exploit code may result in compromise, including infection with spyware and Trojan horse or 'bot' type remote control software. Counterpane considers this to be a moderate risk to individuals using these vulnerable browsers. This risk is increased if antivirus definitions on the PCs are not up to date. Versions Affected: Mozilla Firefox: Versions 1.0.6 and prior Netscape: All versions Counterpane Actions: Counterpane will continue to monitor the situation. No further updates will be issued unless the situation changes. Counterpane Recommendations: If using Firefox versions 1.0.6 or previous, upgrade to version 1.0.7 immediately at: http://www.mozilla.org/products/firefox/ If using Netscape, consider abstention from browser use until Netscape issue a patch to mitigate these vulnerabilities. Detection: No IDS / IPS signatures detect this attack vector. No scanners detect this vulnerability. 
|
 Posted |
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Mozilla hits back at browser security claim | Mobo | The coffee shop | 3 | 09-27-2005 11:18 PM |
| Spyware takes aim at Mozilla browsers | Mobo | The coffee shop | 2 | 03-08-2005 02:53 PM |
| Mozilla Updates Firefox | imported_admin | News & Announcements | 0 | 02-26-2005 04:48 PM |
| Mozilla / Firefox Three Vulnerabilities | Mobo | Security Alerts and vulnerabilities | 0 | 02-08-2005 12:16 PM |
| Mozilla / Mozilla Firefox Window Injection Vulnera | Mobo | Security Alerts and vulnerabilities | 0 | 12-20-2004 08:31 PM |
|
||
|
|
|
It appears you have not yet registered with our community
which limits what you can do & see. It's Free To register, please click here.
Linear Mode
