Monday, August 3, 2009

Security flaws in Firefox browser

BEIJING, July 20 (Xinhuanet) -- The first major security flaw found in Firefox 3.5, the Mozilla Internet browser, may have been fixed after the company released a patch. However, further vulnerabilities may still exist in the main competitor to Microsoft's Internet Explorer.

Although the browser was recently updated to version 3.5.1, technology website Security Focus says issues may still leave it vulnerable to attacks. "Mozilla Firefox is prone to a remote denial-of-service vulnerability," Security Focus states on its website. In addition, it claims successful exploits may allow an attacker to deny service to legitimate users. Security Focus reports that a stack buffer overflow vulnerability exists, affecting Firefox 3.5.1 and prior editions.

The vulnerability, which comes about from the software's Unicode text handling system, allows a remote attacker to execute arbitrary code simply by embedding it into a web site. As soon as the visitor hits the affected page, the software crashes, leading to a denial of service attack, and under certain conditions the code will be executed by Windows.

This is the second such vulnerability to be discovered in the popular open source browser. And while Mozilla were quick to release Firefox 3.5.1 to patch the first security flaw, so far there appears to be no fix for the latest reported hole.

Firefox - whose catch phrase is Faster, Safer, Smarter, Better - released a press release on Sunday (July 19) stating that reports "incorrectly indicated that this is an exploitable bug." The statement went on to say that analysis indicated it was not exploitable and that Mozilla had not seen "any example of exploitability [sic]." However, despite reassurances from Firefox's parent company Mozilla, reports persist that the "exploit" may still exist.

Internet browsers continually have to be updated and patched in what has become a cat-and-mouse game with hackers attempting to take control of computers and glean information. Last December millions of Internet Explorer users around the world were told not to use their browser for several days until Microsoft found a patch to a serious security hole.

(Agencies)
