- Jul 16, 2001
- 17,969
- 140
- 106
Text
Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.
In recent months, Firefox has picked up market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that part of the reason the browser is more secure is because it has a relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser
MAY 09, 2005 (TECHWORLD.COM) - Firefox has two unpatched security holes that could allow an attacker to take control of a user's computer system, and exploit code is already circulating on the Internet, security researchers have warned.
A patch is expected shortly, but users can protect themselves in the meantime by switching off JavaScript. In addition, the Mozilla Foundation said it has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.
The flaws were confidentially reported to the Foundation on May 2. But by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT).
Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.
In recent months, Firefox has picked up market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that part of the reason the browser is more secure is because it has a relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser
MAY 09, 2005 (TECHWORLD.COM) - Firefox has two unpatched security holes that could allow an attacker to take control of a user's computer system, and exploit code is already circulating on the Internet, security researchers have warned.
A patch is expected shortly, but users can protect themselves in the meantime by switching off JavaScript. In addition, the Mozilla Foundation said it has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.
The flaws were confidentially reported to the Foundation on May 2. But by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT).
Facebook
Twitter