2005 - 1,031 views,

Summary: A Firefox flaw which allowed for remote code execution was publicly disclosed yesterday. Today Mozilla, who distributes the Firefox software, released a patch for the Firefox flaw.

Previous Article « Free Wifi on City Buses - Public Transit Provides Public Transmit
Read Next Article » Video Headstone - Vidstone’s Serenity Panel Celebrates Life, After Death

A critical security flaw in Firefox was disclosed yesterday, and patched today. Now that’s what I call quick service.

The flaw in Firefox was a buffer overflow flaw which allowed remote code execution, if exploited, meaning that people could access your system remotely, and run programs and do other nasty things on your computer, all from afar, and without your knowledge.

The flaw was discovered by independent security researcher Tom Ferris, who reported the flaw to Mozilla. However, according to a CNet report, Ferris “decided to publicly disclose the flaw after a run-in with Mozilla staff.”

“We’d like to make sure that by the time something goes public, we have a solution for the users,” said Mike Schroepfer, a director of engineering at Mozilla, yesterday, explaining that “We believe there is a buffer overflow issue. We are still determining whether it is exploitable by attack.”

Today they released a patch for the flaw, along with the following explanation:

“On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.

On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. ”

So there you have it. You can get the manual fix, or the patch, for the Firefox flaw here.

Previous Article « Free Wifi on City Buses - Public Transit Provides Public Transmit
Read Next Article » Video Headstone - Vidstone’s Serenity Panel Celebrates Life, After Death

Email the link for this page to a friend!

» New Critical Internet Explorer (IE) Flaw Involves Msdds.dll

» Apple Releases New Batch of Patches, Fixes International Domain Names Phishing Flaw in Safari

» Windows ActiveX Flaw Still Active After Patch

For additional similar stories check out our archives on Apple & Mac, Security, Windows

No Comments »

No comments yet.

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About

About TIP

About Anne

Follow Anne On:

Twitter
Linked In
Facebook
MySpace

Read The Internet Patrol on Your Kindle here!

(Don't have a Kindle? Read about and get one here.)

Categories

Amazon
AOL
Apple & Mac
Around the World
Bargains
Bluetooth
Boneheads
Books
Cell Phones
eBay
Email
Email Hosting
Everything Else
facebook
File Sharing & P2P
Gaming
Good Guys
Google
Gotchas
GPS
Hacking
Handhelds & PDAs
Identity Theft
Instant Messengers
Internet Explorer
Internet Law
Internet Marketing
Internet Providers
Internet Television
Internet Video
iPods & MP3
Just Plain Wrong
Microsoft
Music Download
MySpace
Oddities
Online Dating
Over 18
Paypal
Phishing
Pirates
Podcasting
Privacy
Reviews
RFID
Scams
Security
Sidekicks
sms
Social Networking
Society
Spam
Spam Blockers
Spam Whacks
Spyware & Adware
text messaging
Tivo & ReplayTV
Useful & Fun Stuff
Video Downloads
Virus & AntiVirus
VoIP
What Do You Think?
Windows
Wireless Wifi
Worms
Yahoo

Get a FREE summary of the week's articles every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!

Last 3 Articles

How to Easily Create Pop-Ups for Your Website - Cool Post-It Note Effects and More
New Mail Goggles from Google Keeps You from Drunk Driveling
Teen Faces Child Porn Charges for Sending Nude Cell Phone Pics of Self

Recent Comments to Our Articles

→ Says "gunner": as to the young lady who sent the nude pics of herself via her cell phone, i don't think it very bright, but hardly "criminal" read

→ Says "gunner": that's odd, i've never seen a pop-up advert, or a pop-up warning on auntie's newsletter. she does carry ads, they help pay the rent, but read

→ Says "gunner": "jannyboy" reply #89 gives excellent advice, no one is going to give "free money" at random, most certainly not bill gates,coca-cola or any other company. read

→ Says Bob H.: I agree with Gary, Kill the damm non-closeable POP-UPS.... worse than SPAM, atleast SPAM I can Kill. Bob read

→ Says Gary Gordon: If you keep inserting pop-us that Can't Be Closed in the middle of the page, I'm thru with your site. ps: I'm already enrolled for read

→ Says BoroRenter: terry James just did the same thing. You would think they would change the game up a little at least. read

→ Says Dancing_Banana's: It's still down and getting me annoyed.. read

→ Says Maddie: Does the zune have free texting? read

→ Says jannyboy: People, the best way to know if an e-mail is a scam or not is to know that there never has, and never will be read

→ Says david: Company truly sucks. I only saw an international number in the UK to cancel. I ended up finding a way to do it read

→ Says Carlos: 1.- i called my carrier (sprint) and they "blocked/refund" the 9.99 charge from Freeze Mobile. 2.- they gave me the number: 866-313-7157.. 3.- called twice, read