Language Selection

English French German Italian Portuguese Spanish

Unpatched Firefox flaw may expose users

Filed under
Moz/FF
Security

A new, unpatched flaw in that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity:
Critical

Vendor:
Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Full Story.

More in Tux Machines

European Greens RFC: ‘Transparency implies use of open source’

The Greens/European Free Alliance in the European Parliament want to find out for once and for all if the use of free and open source software is essential for the democratic institution. The political group is asking for comments on a study linking the use of free software to the European Parliament’s principles of openness and right to information. Read more

Top 3 open source alternatives to Google Analytics

Let’s start off by taking a look at the open source application that rivals Google Analytics for functions: Piwik. Piwik does most of what Google Analytics does, and chances are it packs the features that you need. Those features include metrics on the number of visitors hitting your site, data on where they come from (both on the web and geographically), from what pages they leave your site, and the ability to track search engine referrals. Piwik also has a number of reports and you can customize the dashboard to view the metrics that you want to see. To make your life easier, Piwik integrates with over 65 content management, ecommerce, and online forum systems like WordPress, Magneto, Joomla!, and vBulletin using plugins. With anything else, you just need to add a tracking code to a page on your site. Read more

AN EARLY VIEW OF GTK+ 3.16

We’ve had long-standing feature requests to turn scrollbars into overlayed indicators, for touch systems. An implementation of this idea has been merged now. We show traditional scrollbars when a mouse is detected, otherwise we fade in narrow, translucent indicators. The indicators are rendered on top of the content and don’t take up extra space. When you move the pointer over the indicator, it turns into a full-width scrollbar that can be used as such. Read more