Home Archive Forum About
Critical Firefox Security Flaw Discovered
Posted by Donster on: 2007-07-10 14:45:46 620
Firefox and IE together brew up security trouble

By Dawn Kawamoto @ CNet News

UPDATE: Blame them both.

That's the latest update from security researchers who initially laid the blame on Microsoft's Internet Explorer for the latest zero-day exploit.

"Firefox is the current attack vector but Internet Explorer is to blame for not escaping ? (quote) characters when passing on the input to the command line," said security researcher Thor Larholm, in response to a reader's comments. "I agree that Firefox could have registered its URL handler with pure DDE instead and thereby have avoided the possibility of a command line argument injection, but IE should still be able to safely launch external applications safely."

Read more...
News Source: Email

Related Stories


Post New Comment
Note: Comments have been disabled.
Icon:
                 
                 
Message:
Include my profile signature.
Disable smilies in this post.
Disable block tag code.
Add [url] tag at URLs.


© 2024 COMBATSIM.COM - All Rights Reserved