Firefox patch released Friday only fixes 50% of problem


February 12, 2008

According to Dutch programmer Ronald van den Heetkamp, the patch, version 2.0.0.12 still leaves Firefox uses vunerable to attack unless they install install the NoScript plugin until issues are addressed. Within a couple of minutes of testing van den Heetkamp discovered a security issue still exists with the ‘view source’. “With it, we can view the source of any file located in the ‘resource:///’ directory, which translates back to: file:///C:/Program Files/Mozilla Firefox/. Then we only include the file inside it and it becomes available to a new page’s DOM, and so we are able to read all settings.” He says there are likely other issues related to scripting which need to be looked at for the next patch. In the meantime the NoScript plugin is available at http://noscript.net/.






 

Post a comment

Your email address will not be published. Required fields are marked *

Visited 668 times, 2 so far today