Sunday, May 08, 2005

Update to the FF 1.0.3 Exploit

Regarding my last post, there has been an update:

http://www.mozillazine.org/talkback.html?article=6582

Apparently this exploit is a lot worse than I thought. It can disguise itself as either addons.mozilla.org or update.mozilla.org.

It turned out that the bug was originally discovered by Paul of Greyhats Security Group and Michael "mikx" Krax. It was reported on May 2nd, and details of the bug were somehow leaked, which resulted in multiple bug reports on this exploit.

The sites (addons.mozilla.org and update.mozilla.org) changed their URLs to donotadd.mozilla.org and warned users not to add that URL to the whitelist. That way, the exploit can't be used.

According to MozillaZine, Firefox 1.0.4 is in the works to address this exploit and will be released shortly.
