Firefox 1.0.3 Javascript Hole

An Ad

Integrate business news on your website free of charge and offer your visitors up-to-date content! Click here for more information.

As heise reported yesterday already the latest version of the free Firefox browser contains a bug that allows modified websites to download and run programs that may install malicious software.

The problem is related to the Add-On Extension module and was verified in version 1.0.3 but not in 1.0.2. Websites modified with specific Javascript may use this bug to install software on the local drive and then execute it. This way attackers can infect PCs with trojans or viruses. The exploit is currently only known as proof of concept; no harmful infections have been reported yet.

The Mozilla Foundation recommends to deactivate the feature Allow web sites to install software. This can be done under Tools > Options > Web-Features. Alternatively, users may also deactivate Javascript completely, which may lead to problems with accessibility and usability of websites, however. A patch to this problem is currently not yet available.

Sources : http://www.heise.de/security/news/meldung/59374