Weekly Security Tip: Firefox 1.07
Attention, all Firefox users (oh yeah, or Mozilla or Netscape users)! On September 22, the Internet browser Firefox released a security update of utmost importance that should be installed immediately. The update patches two “critical” security flaws that had been recently discovered. One of the flaws affects only Linux users, while the other affects all users of the browser.
The vulnerability in Firefox is a buffer overflow caused by the way the browser handles IDNs (International Domain Names). It can be triggered by following a specially crafted link in an email or on a website. Once this link is selected, the browser’s flaw will allow the injection of malicious code that lets the attacker take control of your system. You don’t actually download anything or even open an attachment; you just click the link in either medium (email or a website) and they’ve got you. This is one hard-to-avoid trap.
This flaw is also present in other browsers based on the same code, like Mozilla (1.7-prior) and Netscape (8.03-prior). Firefox’s patch to fix this security hole also fixes both of the flaws with the browser (Windows/Linux), so if you’re a Firefox user like me, get yourself out to their site and download the new version of Firefox.