Firefox clipped with critical vulnerabilities
Two extremely critical security vulnerabilities have been discovered in the Firefox Web browser. The flaws could be exploited to conduct cross-site scripting attacks and compromise a user’s system.
The Mozilla Foundation notes that, because the vulnerability requires the attacker to trigger an install that appears to come from a whitelisted site, simply disabling software installation in the Preferences eliminates the problem.
However, because the Mozilla Foundation controls all of the sites in the default software installation whitelist, it has been able to take preventative action by placing more checks in the server-side Mozilla Update code and moving the update site to another domain. Users who have not added any additional sites to their software installation whitelist are no longer at risk, the Foundation says.
A Firefox 1.0.4 update is expected ‘shortly’.
For more information about these flaws, go to secunia.com/advisories/15292.