The Un-Official Proxomitron Forum

Full Version: Mozilla/Firefox Security Issues
From: http://www.securityfocus.com/news/9085

Code:
A popular browser for Windows is subject to a security hole that creates a means for hackers to run malicious code on vulnerable machines. But this time, the vulnerability involves Mozilla and Firefox browsers - not Internet Explorer.

Security researchers have discovered that users could be attacked by hackers using a bug in how Mozilla and Firefox handle the "shell:" function in Windows. The function enables websites to invoke various programs associated with specific extensions. But flaws in Mozilla's implementation create a way for a skilled hacker to execute arbitrary code on vulnerable Windows machines. Information on the bug was posted onto a full disclosure security mailing list earlier this week.

The flaw affects Mozilla and Firefox on Windows XP or Windows 2000 only.

The Mozilla Foundation yesterday issued a patch that resolves the flaw by disabling the use of the shell: external protocol handler. Alternatively users are advised to update their systems to the latest version of Mozilla (1.7.1), Firefox (0.9.2).
As the article mentions, that bug has been fixed, *one* day after it was discovered (July 8).
The fix for older versions is this extension...
http://ftp.mozilla.org/pub/mozilla.org/moz.../shellblock.xpi

... or manually setting in prefs.js or user.js:
user_pref("network.protocol-handler.external.shell", false);

sidki
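
One way to audit the manual setting described in the post above, as an added example that is not part of the original post or of Mozilla's code: it reads the text of a profile's prefs.js and user.js and reports whether the shell: handler pref is explicitly set to false. The function names and sample file contents are constructed for illustration, and an absent pref is assumed to count as "not blocked".

```python
import re

PREF = "network.protocol-handler.external.shell"

# Matches one user_pref("name", true|false); statement.
_PREF_RE = re.compile(
    r'user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>true|false)\s*\)\s*;'
)

def _strip_comments(text):
    """Drop /* */ blocks and whole-line // or # comments so a
    commented-out pref is not mistaken for an active one."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    kept = [ln for ln in text.splitlines()
            if not ln.lstrip().startswith(("//", "#"))]
    return "\n".join(kept)

def last_value(text, pref=PREF):
    """Return the last boolean assigned to `pref` in one file, or None."""
    value = None
    for m in _PREF_RE.finditer(_strip_comments(text)):
        if m.group("name") == pref:
            value = m.group("value") == "true"
    return value

def shell_handler_blocked(prefs_js="", user_js=""):
    """True only if the effective setting is an explicit false.
    user.js is applied over prefs.js at startup, so it is checked first.
    Assumption: an absent pref is reported as not blocked."""
    for text in (user_js, prefs_js):
        value = last_value(text)
        if value is not None:
            return value is False
    return False

# Constructed sample profile files (not taken from a real profile).
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.mozilla.org/");
user_pref("network.protocol-handler.external.shell", true);
'''
SAMPLE_USER_JS = '''// user_pref("network.protocol-handler.external.shell", true);
user_pref("network.protocol-handler.external.shell", false);
'''

if __name__ == "__main__":
    print(shell_handler_blocked(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```
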
I've also noticed in my research on this "fox hole" that the underlying shell: function has been a part of Mozilla browser for nearly two years - I'm wondering why it took so long for the fix to be reported and why subsequent releases did not discover it... I acknowledge that the patch was released in a timely fashion...

The primary point I wish to portray is that the "fox den" is NOT the 'safe haven' it is mistakenly made out to be... Another two-year-old fox hole can just as easily be stepped in and tripped over next week...
This first posting of shell: concerns to Mozilla.org was on 9/9/2002...
9/9/2002 to 7/9/2004 - by my calendar, that's 670 days, not *one*...
The vulnerability was reported July 7 this year.

Quote: The primary point I wish to portray is that the "fox den" is NOT the 'safe haven' it is mistakenly made out to be... Another two-year-old fox hole can just as easily be stepped in and tripped over next week...
Sure thing, life is never safe. Tomorrow we could be hit by a brick falling from the roof and adieu...
It was reported on 7/7/2004 that the "9/9/2002 concern" was validated via an "in the wild" encounter...

I guess the only real point I "aim to proclaim" is the importance of updating your software...

Of course, I suppose I can easily return to my Commodore 64 and test its secureness on the 'net - of course, I'd have to make my own modem for it (because Al Gore had not invented the internet yet)...
LOL

Quote: I guess the only real point I "aim to proclaim" is the importance of updating your software...
...and to use Proxomitron. The first shell protocol blocking filter appeared more than two years ago. Smile!
Amen to that - I don't surf without it...

And refuse to "trust" ANY site - I was banned from Arne's site because I refused to place him in my bypass list... Didn't bother me, I 'got in' via anonymous proxies anyway... And Arne started "micro-managing"... It was almost clear to see that he was on his way out...
ProxRocks Wrote: I was banned from Arne's site because I refused to place him in my bypass list...
LOL!

Well, I'm thinking of removing most of the sites from my Bypass list....guess I should get to it! Wink
My bypass list consists of only four items:
Windows Update
Office Update
Yahoo Messenger login
Norton Internet Security updates

That's it - EVERYTHING else gets filtered...
Not because I don't "trust" everything else, more because I'm a cosmetic nut - if I don't so much as like the size of something, I change it or axe it completely (of course, only if it's one of my "daily visitations")...

Even the three cookies that I don't fake have to jump through Proxo...
I actually don't have any sites in my bypass list. It is quite rare for me to need to bypass a site.
Sorry, I have two: Windows Update, local.ptron.
Quote: Even the three cookies that I don't fake have to jump through Proxo...
Now I'm curious. What do you do to fake cookies, or do you use Scott's "monster" fake cookie?
For example, straight from sidki's IncludeExclude list:

Code:
# New York Times
# -----------------------------------------------------------------------------
#
# Subscribe:
([^.]+.|)nytimes.com/      $SET(keyword=.fakecookie.)
  $SET(fcookie=NYT-S=1gz5yeb46ZuyXztZQ6.II7M5muiyHTbkcsZv9e.V/KdwwzQwUduKv2ZkvLOOdsyetwr.kKeI4T8ezECZTGPGQ/4O9JSHysPoXEl/B6iWk8lHU0)
besafe Wrote: Sorry I have one; windows update.
Hmm... don't you guys have local.ptron in your bypass lists anymore?
I see it's in the default list - wonder if it's still needed...

sidki