Inside Links
Sponsored Links
Recent Entries
- Users aren't as savvy as they think
- Subliminal ads in spam
- MS Exchange anti-spam review
- Complexity in the spam world
- Rogers Wireless wants voicecasting banned
Ad Content
Search Spamblogging
Recent Comments
- steak on FireFox security hole
- steak on FireFox security hole
- drob on FireFox security hole
- hmmm on FireFox security hole
- bobby on FireFox security hole
Archives
Creative License
Feeds
The Buttons
May 08, 2005
FireFox security hole
There is currently a security hole in FireFox which allows a page to install and run code on your machine. This page shows an example of it working (or not working, depending on your outlook towards such things) - note that it exploits the hole. That page doesn't appear to do anything destructive, but if you don't even want to see the security hole in action - don't bother going there.
If you want to correct this, then you can go to Options -> Web features and uncheck "Allow web sites to install software" in FireFox. Or you can install the latest nightly build - or wait for the next update.
I don't know if this applies to all platforms or just Windows.
Posted by Eric at May 8, 2005 02:13 PM
| TrackBack
Comments
I have firefox 1.02 and it doesnt do anything.
Posted by: Kevin at May 8, 2005 10:27 PM
Is this an exploit in the sense that someone could monkey with your machine by pretending to be one of the allowed sites (e.g., update.mozilla.org), or is it more sophisticated than that?
Posted by: Aziz at May 8, 2005 10:49 PM
Le zzzzz
Posted by: moi at May 8, 2005 10:58 PM
Anyone that has the browser set to allow software to be installed is asking for trouble from the gitgo. The reason there are so many security problems is because most people are too stupid to take responsibility for their online safety and take the necessary steps to prevent most malicious attacks.
Posted by: Michael at May 8, 2005 10:59 PM
1.7.5 here and nothing except the hourglass turns. Am I missing something?
Posted by: bob at May 8, 2005 11:03 PM
Heh, Firefox.
Switch, and get Safari. You'll thank yourself later.
Posted by: Nell at May 9, 2005 02:03 AM
The fact that your hourglass is turning is the point, if you click on the page nothing should happen unless you are opening a pic or something like that.
Posted by: bobby at May 9, 2005 02:32 AM
Allow web sites to install software disabled. Result.
Allow websites to install software enabled for only addons..mozilla and update.mozilla. Same result.
What am I missing?
Posted by: hmmm at May 9, 2005 02:53 AM
All my firefox says is done. Nothing like what's described in the code. Popup windows etc.
Posted by: drob at May 9, 2005 04:25 AM
security hole ?!?!?!
Who would have thought that web sites could install software when the "Allow web sites to install software" button is checked?
no shit...
Anyone who has this box checked deserves a virus that lets his or her computer explode anyway…
computer vulnerability only reflects the knowledge level of its user...
couldn't agree more with Michael...
Posted by: steak at May 9, 2005 10:32 AM
OMG!
"At my day job, part of my duties are as a sysadmin."
i just read that in another blog of yours.
good luck to you and your company....
Posted by: steak at May 9, 2005 11:35 AM
Post a comment
Listed below are links to weblogs that reference 'FireFox security hole' from spamblogging.
Excerpt: Since a huge percentage of blog readers user Firefox (according to my anecdotal numbers, a lot more than the general population), you may want to check out the rumor (exaggeration?) of a FireFox security hole. ...
Weblog: Myopic Zeal
Tracked: May 9, 2005 11:36 AM
Interestingly, I don't seem to get any warnings or command prompt windows loading. Is there something I'm supposed to see here?
Posted by: drob at May 8, 2005 10:14 PM