Feeds

Mozilla and Firefox flaws exposed

Mixed bag

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Mozilla and Firefox users were warned of a number of potentially troublesome security vulnerabilities this week.

The most serious flaw involves a buffer overflow bug in the way Mozilla processes the NNTP (news) protocol. The bug creates a means for hackers inject hostile code into vulnerable systems, providing they trick users into executing maliciously constructed news server links. All versions of Mozilla prior to 1.7.5 are affected. Firefox users are advised to make sure they are running version 1.0 to minimise any risk. The flaw was discovered by Maurycy Prodeus of Polish firm iSEC Security Research.

Next up, Secunia has discovered a flaw that creates a means to spoof the source displayed in the Firefox's download dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected, Secunia warns. It advises Firefox users to avoid download links from untrusted sources pending the availability of patches from the Mozilla project.

Finally, there's a less serious problem affecting Firefox and its email client Thunderbird. Security researchers have found that temporary files are stored by the popular packages in a format that makes it possible for snoops to read the content of downloads and attachments of other users on the same machine.

An overview of these flaws and suggested workarounds can be found here. ®

Related stories

Poison applet peril affects IE, Opera and Firefox
Firefox.de in adware rumpus
Firefox 1.0 limbers up for launch
Is Microsoft creating tomorrow's IE security holes today?
MS quashes infamous Bofra bug

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.