Major vulnerability in FireFox on Windows (more?)

If you use Firefox, especially on Windows, read this!

If you fail to take protective measures you could stumble across a webpage which toasts your system.

Geoff wrote me:

Not sure about Linux and OS X – assume the worst.

See http://www.kb.cert.org/vuls/id/783400

For now, consider using another browser. But if you have to use FireFox…

The CERT advisory suggests that you configure FireFox to generate a warning dialog whenever it encounters one of the URLs involved in the exploit.

To do this, start FireFox, enter the URL “about:config”, scroll down, and for each of the following entries make sure it is set to “true”.

If it isn’t, right-click the line and choose “Toggle”, which will set the value to “true”.

network.protocol-handler.warn-external-default
network.protocol-handler.warn-external.mailto
network.protocol-handler.warn-external.news
network.protocol-handler.warn-external.nntp
network.protocol-handler.warn-external.snews

This will at least give you a warning that Firefox is being asked to do something suspicious; you will have to judge for yourself whether it is nasty.
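
To check the five settings without clicking through about:config, here is an added example (not part of the original post or the CERT advisory): a Python script that reads the text of a profile's prefs.js or user.js and reports the state of each preference listed above. It assumes the usual user_pref("name", value); line format, and the sample file contents are constructed; a preference missing from the file is at the browser's built-in default, which the script cannot determine, so confirm those in about:config.

```python
import re

# The five preferences named in the post above.
WARN_PREFS = (
    "network.protocol-handler.warn-external-default",
    "network.protocol-handler.warn-external.mailto",
    "network.protocol-handler.warn-external.news",
    "network.protocol-handler.warn-external.nntp",
    "network.protocol-handler.warn-external.snews",
)

# Matches an uncommented line such as: user_pref("some.name", true);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample of a prefs.js file (not taken from a real profile).
SAMPLE = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.protocol-handler.warn-external-default", true);
user_pref("network.protocol-handler.warn-external.mailto", false);
user_pref("network.protocol-handler.warn-external.news", true);
// user_pref("network.protocol-handler.warn-external.nntp", true);
"""


def audit_prefs(text):
    """Map each warning pref to 'true', 'false', 'invalid' or 'unset'.

    'unset' means the file has no entry, so the browser's built-in default
    applies; this script cannot know that default.
    """
    seen = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) in WARN_PREFS:
            value = m.group(2)
            # A later entry for the same pref replaces an earlier one.
            seen[m.group(1)] = value if value in ("true", "false") else "invalid"
    return {name: seen.get(name, "unset") for name in WARN_PREFS}


def needs_attention(text):
    """Return the prefs that are not explicitly set to true."""
    return [name for name, state in audit_prefs(text).items() if state != "true"]


if __name__ == "__main__":
    for name, state in audit_prefs(SAMPLE).items():
        print(f"{state:8} {name}")
```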

Comments

5 responses to “Major vulnerability in FireFox on Windows (more?)”

  1. Major vulnerability in FireFox on Windows…

    A public service warning! You surf the internet at random using FireFox (which generally you should), you may stumble across a website, which could infest your machine with a virus. But this is nothing new, I have heard about these evil websites full o…

  2. Glenn

    Source codebase looks like it’s fixed (patch). But not sure when a release will be out??

  3. The advisory explicitly states that only the Windows version is vulnerable. That having been said, I’m enabling the warnings anyway.

  4. Firefox vulnerability…

    If you’re a Firefox user, here’s something you might want to know about. Major vulnerability in FireFox on Windows (more?) If you use Firefox, especially on windows, read this! If you fail to take protective measures you could stumble across……

  5. David Shaw

    It’s fixed now; my version just updated itself with patch 2.0.0.6, which has the fix in it.
