Firefox vulnerability may allow remote code execution

Started by Eric the Red, May 04, 2006, 09:49:49 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Eric the Red

The following security briefing in respect of Firefox was released May 4th, 2006, for versions up to and including 1.5.0.2:

QuoteOVERVIEW:

        Mozilla Firefox contains a vulnerability that may allow a remote
        attacker to execute arbitrary code or create a denial of service
        condition.


IMPACT:

        An attacker may be able to execute arbitrary code by convincing a user
        to visit a specially crafted web site employing the
        contentWindow.focus() method.

You are advised to upgrade Firefox to version Update Firefox to version 1.5.0.3

Full details may be found at this Uniras page.

The latest version may be found at http://www.mozilla.com/firefox/releases/1.5.0.3.html

"The time to start running is around about the "e" in "Hey, you!" "