Wednesday, May 11, 2005

Attention Firefox Users: Public Service Announcement

Mozilla Foundation wrote the following Security Advisory:
Two vulnerabilities were found in Mozilla Firefox that combined allow an attacker to run arbitrary code. The Mozilla Suite is only partially vulnerable.

[Ed: Translation, it's bad... very bad!]


The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit. Users who have added other extension or theme sites to the software installation whitelist should remove them until a fixed version of Firefox is available.

1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Click the "Allowed Sites" button on the same line as the "Allow web sites to install software" checkbox
4. Click the "Remove All Sites" button
5. Click "OK"

To prevent the script injection exploit from stealing cookies or other sensitive data, disable Javascript before visiting untrustworthy sites. In Firefox:

1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Uncheck the "Enable Javascript" checkbox
4. Click "OK"

Re-enable Javascript for trustworthy sites that require it.

[Ed: Translation, do as they say, i.e., disable Javascript or use Opera or Internet Explorer until they resolve this problem.]

This is very unbecoming of Firefox. I bet the people at Redmond are laughing their heads off.
