Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Mozilla Firefox 1.0.3 Exploit

Posted by CmdrTaco on from the happens-to-every-browser dept.

An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summary of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."

2 of 596 comments (clear)

  1. Yup - secure... by Anonymous Coward · · Score: 5, Interesting

    Maybe it's time to accept Firefox has it's fair share of exploits?

    And the best part, is the patch management system in Firefox is so damn poor (ie. non-existant), getting these patches distributed to end-users is a real damn chore (assuming they are distributed at all).

  2. Are you sure? by naelurec · · Score: 5, Interesting

    Just curious, I downloaded the page and loaded it up on several systems:

    Win XP, Firefox 1.0.3
    Win 2k, Firefox 1.0.3
    FreeBSD, Firefox 1.0.3

    and none of them did anything. The javascript looks like it should save a file (c:\booom.bat) and run it which should echo "malicious commands here" and wait for a keypress.

    Is this truly an issue with Firefox and not some other software? If so, any ideas why it doesn't work?