Monday, May 09, 2005

First (serious) firefox exploit

Yup, you read it right.. a cross-site scripting exploit for firefox 1.x has been released today.. Obviously remote exploitable which can give the attacker system access. I guess it was just a matter of time, let's hope the folks at Mozilla will release a patch RSN.

Until then, you can use the following work-around:
1. Disable JavaScript (always a good thing)
2. Disable the "software installation" function

Read the full report here.

Update: Firefox-1.0.4 has been released, in which the above mentioned exploit has been fixed.

1 comment:

Anonymous said...

Greetings from North Cack-A-Lacky! I enjoyed your thoughts, although I give Firefox even a little more credit than you do, I think ;) See what I mean here: internet explorer error