Firefox Security Holes Named Critical
Two serious security holes in Mozilla’s Firefox browser were identified this week which have led to questions as to exactly how secure the Firefox browser truly is. The Mozilla Foundation and the public were educated when European security firms Secunia and FrSIRT were given the information by a unnamed source.
Securnia called for a critical alert status for these Firefox holes and said that hackers may have the codes to exploit such flaws in the browser.
The problem is that “IFRAME” JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an arbitrary site.
A second hole is that the Input passed to the “IconURL” parameter in “InstallTrigger.install()” is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.
The vulnerabilities have been confirmed in Firefox 1.0.3 and other versions may also be affected.
You question how security is firefox? please, if that is a security probleme is fixed right away, that’s the advantage of open source, anybody can fix it, so …. it looks like you need to learn or educate before write, that’s the problem with internet, any idiot thinks that he can write programs, and also any idiot thinks can write any shit and post it anywhere, so shame.