Australian IT JOBS : Sydney IT jobs, UNIX jobs, Linux jobs, Java jobs, ASP jobs Linux.conf.au Linux.conf.au
Technology news and Jobs arrow Information Technology News arrow Mozilla patches Firefox and IE flaw but no Microsoft fix
Mozilla patches Firefox and IE flaw but no Microsoft fix PDF Print E-mail
Written by Stan Beer   
Thursday, 19 July 2007
The not profit Mozilla Foundation, which administers the open source Firefox web browser has patched a critical hole that could enable Microsoft's Internet Explorer to infect users' computers with malware by launching a Firefox session from a malicious website. However, Microsoft has yet to issue a fix for the bug which still exposes IE users to malware if they visit a bad website.

According to Mozilla Foundation Security Advisory 2007-23 , "the vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link. That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes. Firefox and Thunderbird are among those which can be launched, and both support a "-chrome" option that could be used to run malware."

In a newly issued Firefox update, version 2.0.0.5, which can be downloaded now, there is a fix that prevents Firefox and Thunderbird from accepting bad data. However, the atch doesn't fix the hole in Internet Explorer, which can still call other Windows applications, which in turn can be manipulated to execute malicious code.

So what's the solution, according to Mozilla? No prizes for guessing: only browse the web with Firefox.

The latest security blowup can only add to Microsoft's woes in the browser space. Recent reports show that the take-up of Internet Explorer 7 has been slow and all versions of the once dominant IE are losing market share to Firefox pretty much everywhere, but especially in Europe where Firefox now has about one third of the market.

Tags See All Tags


Internet  Stan Beer  browsers 

Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject
Valued at $99 USD


LiveWire - Desktop alerts Download the FREE iTWire desktop alert widget LiveWire - Desktop alerts


Del.icio.us!
 
< Prev   Next >
JobsWire Technology Jobs in Melbourne
Active Directory  Apache  Software Architect  C#  C++  Cisco  Citrix   Cognos  Coldfusion  CRM  Crystal Reports  Software Development  ERP  HTML  IBM  IT Infrastructure  ITIL  J2EE  Java  LAN/WAN  Linux  Lotus Notes  MS Project  .NET  Oracle  SDLC  SQL  IT Support  IT Training  UAT  UML  Unix  XML
  JobWire - IT Jobs
Contact , Register , Advertise with iTWire , Links , Register , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging
Industry Releases , Submit your release now , Start submitting to iTWire , How to post video