10 Jan 2005
Security experts have found a critical flaw in the Mozilla browser, days after the disclosure that the Firefox browser was vulnerable to phishing scams.
The flaw is in the browser's handling of the Network News Transfer Protocol (NNTP), which is used to post and distribute Usenet messages. All Mozilla browsers before version 1.7.5 have the flaw.
In order to exploit the flaw, hackers would have to craft a long news:// address, which would crash the application and possibly allow code to be inserted onto the target machine.
"I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine," said Maurycy Prodeus, from security firm iSEC security research.
"On my RedHat 9.0 with Mozilla 1.7.3 attached proof of concept code overflows the buffer using attacker-supplied data. I decided to make this bug public because Mozilla Team hasn't warned users."
Mozilla recommends users upgrade their browsers to the latest version (found at http://www.mozilla.org/products/mozilla1.x/) to solve the problem.