by Scott M. Fulton, III February 6, 2009
Some of Mozilla's best researchers into the field of cross-site scripting discovered another instance where code from one site can be made to control the interface of another. As it turns out, version 3.0.6 software contains the fix. Users of Firefox 3 began seeing notices yesterday that version 3.0.6 has been formally released. Along with those notices is a complete list of bug fixes and addressed issues, one of which is the revelation of a potentially serious -- though far from blatantly obvious -- series of exploitable flaws that could lead to the execution of arbitrary code. In fact, were it not for the contributions of open source researchers including the now-legendary moz_bug_r_a4, very few malicious users may have ever discovered these flaws on their own. As Mozilla developers know, the Firefox Web browser, the Thunderbird e-mail client, and the Netscape Navigator-like SeaMonkey comprehensive Internet utility all use JavaScript for the rendering of their front ends, controls, and gadgets. It's a very easy language to manipulate, and for supporting developers to make add-ons for.
Read more here -->Link
No comments:
Post a Comment