Mozilla flaws could allow attacks, data access
by Munir Kotadia, CNET News.com | Published: 4/18/05
Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.
Details of the nine flaws were published on Mozilla's security Web site over the weekend.
Another issue could allow malicious scripts to gain access to random pieces of memory, he said.
"This random memory may or may not contain pieces of information about where you have been browsing. The worst-case scenario is that it could contain some personal or login information," said Latter.
On Monday, security advisory firm Secunia issued a "highly critical" rating on the flaws found in Mozilla Firefox 0.x and 1.x versions. Secunia posted its advisory on eight of the flaws.
According to the French Security Incident Response Team, attackers could run malicious code on a user's system because of a flaw in the Mozilla browser's pop-up blocker.
Another of the Firefox flaws can be exploited when a user visits a Web page that requires a plug-in that has not already been installed. The French advisory claims that if the browser's Plug-in Finder Service is used to automatically locate an appropriate plug-in, the "manual install" function can be used to "launch arbitrary code capable of stealing local data or installing malicious code."
All versions of Mozilla Suite prior to version 1.7.7 and all versions of Firefox prior to 1.0.3 are vulnerable.
Munir Kotadia of ZDNet Australia reported from Sydney.