Mozilla Firefox Two Vulnerabilities

Filed under
Security

Two vulnerabilities, classified as extremely critical, have been discovered in Firefox. They can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

Description:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

1) The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in the context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an arbitrary site.

2) Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.
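The kind of verification that vulnerability 2 says is missing can be sketched as a scheme allowlist applied to the icon URL before privileged code uses it. This is an added example, not Firefox source code or the vendor's fix; the function names, the http/https-only policy, and the sample host and file names are assumptions made for illustration.

```javascript
// Added example: hypothetical validator, not Firefox source code.

// Schemes an icon may be fetched from (assumed policy). Anything else
// (javascript:, data:, file:, ...) is refused before privileged UI sees it.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// Resolve rawIconURL against the requesting page and classify it.
// Returns { ok: true, href } or { ok: false, reason }.
function checkIconURL(rawIconURL, pageURL) {
  if (typeof rawIconURL !== "string") {
    return { ok: false, reason: "not a string" };
  }
  let parsed;
  try {
    // The WHATWG parser strips surrounding whitespace and embedded
    // tabs/newlines and lower-cases the scheme, so the check below sees the
    // scheme that would actually be loaded, not an obfuscated spelling.
    parsed = new URL(rawIconURL, pageURL);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_ICON_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol + " not allowed" };
  }
  return { ok: true, href: parsed.href };
}

// Check every package in a hypothetical install request shaped like
// { displayName: { URL, IconURL } }. Returns the entries that are refused.
function rejectedIcons(packages, pageURL) {
  const rejected = [];
  for (const [name, pkg] of Object.entries(packages)) {
    if (pkg.IconURL === undefined) continue; // icon is optional
    const verdict = checkIconURL(pkg.IconURL, pageURL);
    if (!verdict.ok) rejected.push({ name, reason: verdict.reason });
  }
  return rejected;
}

// Constructed sample input (placeholder host and file names).
const samplePage = "https://extensions.example/list.html";
const sampleRequest = {
  "Plain":      { URL: "a.xpi", IconURL: "icons/a.png" },
  "ScriptURL":  { URL: "b.xpi", IconURL: "javascript:void(0)" },
  "Obfuscated": { URL: "c.xpi", IconURL: " Java\tScript:void(0)" },
  "DataURL":    { URL: "d.xpi", IconURL: "data:text/html,x" },
};
console.log(rejectedIcons(sampleRequest, samplePage));
```

Checking the parsed scheme rather than matching on the raw string is what catches the mixed-case and whitespace-padded variants.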

Solution:
Disable JavaScript.
