“Security researchers have disclosed a zero-day vulnerability in the latest version of Firefox that gives miscreants complete control of Windows-based computers when the Mozilla browser visits a booby-trapped website.
The vulnerability resides in the way Firefox handles uniform resource identifiers, the protocols that allow the browser to access software and other resources located on a PC. The browser fails to properly vet at least five different URIs, a flaw that could allow an attacker to install malware on a PC simply by convincing a victim to click on a doctored link.”
Here is some more Tech News from around the web:
- Deep packet inspection meets ‘Net neutrality, CALEA @ Ars Technica
- Would you be interested in a “[H]ard” energy drink?
- Seagate to Drop IDE Drives by Year End @ Slashdot
- Where’s The Physics: The State of Hardware Accelerated Physics @ AnandTech
- Octopod tripod from Gizgeek @ DragonSteelMods
- Gigabyte’s Tech Talk 2007 Part I @ HardwareLogic
- Photoshop Tip: Replace a Boring Sky with one that Pops! @ HardwareLogic
- D-Link Xtreme N Gigabit Router @ X-bit Labs
- TRENDnet TEW-631BRP Router & TEW-621PC PC Card @ HotHardware
- The Rebirth Of Diamond Multimedia @ motherboards.org
Source: The Register
This one comes to FireFox users in much the same way as the vulnerability that was patched last week, through the way Uniform Resource Identifiers are handled. Last week’s flaw involved URI’s passed from IE, this week it has to do with the way FireFox, Netscape 9 and Mozilla handle them directly. A patch is currently in the works, which you can read about on The Register. This type of vulnerability will keep appearing when new URI’s are added, which is going to keep happening with the growth of it’s two subsets, Uniform Resource Librarys and Uniform Resource Names.