Mozilla and Firefox Vulnerabilities Identified
Source: Computer Security News - Posted by Joe Shakespeare   
Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.

The most serious bug affects all versions of Mozilla earlier than 1.7.5, and could result in a system crash or the execution of malicious code, the Mozilla Project said. A boundary error in the way Mozilla handles "news://" addresses can be used to cause a heap-based buffer overflow, which crashes the application and may allow for code execution, according to an advisory from Maurycy Prodeus of iSEC Security Research, who discovered the flaw.

An attacker could exploit the bug by creating an overly long "news://" link, distributed in an e-mail or on a Web page, and enticing a user to click on it. Such methods have been successfully used to spread worms. Mozilla version 1.7.5 fixes the problem. Independent security research firm Secunia gave the bug a "highly critical" rating.

Read this full article at Computer Security News
