Mozilla: 'Firefox 1.5 doesn't make a mistake?'
A private security firm has just warned a security flaw in the open-source browser Firefox 1.5 and thinks the exploit code could be changed for remote code execution attacks. However, Mizilla officials rallied
However, Mizilla officials denied this information and argued that this security flaw caused more frustration than a serious security error.
The code for exploiting the security vulnerability above has been published on PacketStormSecurity.org website. This code targets exploiting buffer overflow errors in Firefox 1.5 - Mozilla's latest browser version.
This exploit code has proven to be capable of actually exploiting that security bug of Firefox 1.5 running on the Windows XP SP2 platform. This is an error caused by this browser method to process a large source of large historical access history data.
A malicious attacker can 'fill' the browser's 'history.dat' file with a large amount of information by tricking users into visiting a dangerous website containing the title. beyond the prescribed level. If this error is exploited, it will be difficult for users to reopen the browser.
Mike Schroepfer, Mozilla's vice president of engineering, said the initial investigations showed that the security error was not likely to be exploited to launch attacks to execute remote code. .
' Attack by executing malicious code remotely is unfounded. We have not received any notifications both from outside and internally about denial of service issues. At this point we can confirm that we do not have any concrete evidence that this is a serious security error. This is exactly something more frustrating for users . '
Schroepfer said Mozilla's experts used analytical tools and showed that there was no sign that the browser used a large amount of CPU or system memory resources. .
Security firm Secunia agrees with Schroepfer's point.
Secunia recommends that users remove the history.dat file or reconfigure it, allowing the browser to delete the entire history of the browser access history information every time the browser is closed ( Tools> Options> Privacy> Settings ).
The release of the ' zero-day ' exploit code for Firefox also put Mozilla and the dangerous situation when the company was trying to spread its browser as an alternative to Internet Explorer. Microsoft.
According to the latest statistics of the company that provides Web metering tool, Firefox's market share is still increasing, reaching 8.84% in November due to IE's continuous exploitation of losses. security vulnerability.
- Firefox 1.5 set a record with 2 million downloads in 3 days
- Mozilla recommends that users upgrade Firefox
- Mozilla advertising for Firefox Video
- Firefox 1.5 RC1 can automatically update
- Mozilla Firefox browser is exploited
- Mozilla postponed the launch of Firefox 2.0
- Mozilla patched 20 critical vulnerabilities in Firefox and Thunderbird
- Mozilla tested the new Firefox browser
- Mozilla accelerates Firefox 3
- Mozilla launched Firefox 1.5.0.1
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system