CNET - Attack code published for Firefox flaw
Friday, 23. September 2005, 14:02:26
CNET reports that attack code that exploits flaws in Mozilla's Firefox web browser V.1.06 has been published on the Internet and it is dangerous. Two reports follow. The first is from CNET and the second is from the Mozilla foundation announcing V.1.07 of the Firefox browser is available for download so users can be protected from the malicious threat.
Attack code published for Firefox flaw
By Joris Evers, CNET
Story last modified Thu Sep 22 22:26:00 PDT 2005
Computer code that could be used to attack Firefox, Mozilla Suite and Netscape users has been released on the Internet. The release of the attack code comes days after Mozilla released an updated version of Firefox to fix several security flaws, including the bug exploited by the code. A fixed version of the Mozilla Suite is also available, but Firefox-based Netscape has yet to be updated. The Netscape browser is a product of Netscape, which is a division of Time Warner's America Online subsidiary. An AOL spokesman had no comment on Thursday.
The attack code exploits a vulnerability that was disclosed two weeks ago. The flaw lies in the way the browsers handle International Domain Names, or IDNs, which are Web addresses that use international characters. Hackers had been working to exploit the flaw and had said the code would be released after fixes were available. The exploit could let attackers run code remotely on vulnerable computers and works on Firefox, Mozilla and, in some cases, Netscape, according to security researcher Berend-Jan Wever, who published the code. Mozilla has urged users to upgrade to the latest versions of its products.
Firefox 1.07 is released This release contains a number of security fixes over top of 1.0.6. It does not contain any new features; new features will be available when 1.5 in released. All users of Firefox 1.0.x are strongly advised to upgrade. Download site here http://www.mozilla.org/products/firefox/
Users of Norton Internet Security (NIS) may not be able to connect to websites following the upgrade.
Attack code published for Firefox flaw
By Joris Evers, CNET
Story last modified Thu Sep 22 22:26:00 PDT 2005
Computer code that could be used to attack Firefox, Mozilla Suite and Netscape users has been released on the Internet. The release of the attack code comes days after Mozilla released an updated version of Firefox to fix several security flaws, including the bug exploited by the code. A fixed version of the Mozilla Suite is also available, but Firefox-based Netscape has yet to be updated. The Netscape browser is a product of Netscape, which is a division of Time Warner's America Online subsidiary. An AOL spokesman had no comment on Thursday.
The attack code exploits a vulnerability that was disclosed two weeks ago. The flaw lies in the way the browsers handle International Domain Names, or IDNs, which are Web addresses that use international characters. Hackers had been working to exploit the flaw and had said the code would be released after fixes were available. The exploit could let attackers run code remotely on vulnerable computers and works on Firefox, Mozilla and, in some cases, Netscape, according to security researcher Berend-Jan Wever, who published the code. Mozilla has urged users to upgrade to the latest versions of its products.
Firefox 1.07 is released This release contains a number of security fixes over top of 1.0.6. It does not contain any new features; new features will be available when 1.5 in released. All users of Firefox 1.0.x are strongly advised to upgrade. Download site here http://www.mozilla.org/products/firefox/
Users of Norton Internet Security (NIS) may not be able to connect to websites following the upgrade.
WIDGETIZE