Hackers can grab control of computers by taking advantage of vulnerabilities in both the Mozilla browser suite and the Firefox standalone browser.
Hackers can grab control of computers by taking advantage of vulnerabilities in both the Mozilla browser suite and the Firefox stand-alone browser, a security intelligence firm said Monday.
According to Reston, Va.-based iDefense, Mozilla 1.7.3 and Firefox 1.0 -- and likely all earlier versions as well -- include a "design error" that lets hackers create a memory heap overflow, which then allow remote code execution and a compromise of the system. Even a failed attempt to exploit this flaw could bring down the browser, added iDefense.
Mozilla characterized the problem as "high" on the severity chart, but "low" on risk, in part because it said a successful exploit was dicey. "Creating the exact conditions for exploitation--including running out of memory at just the right moment--is unlikely," Mozilla said in an online security advisory.
There is no patch -- not uncommon with Mozilla browsers -- and instead users are urged to update to the newest versions, which don't include the flaw. Mozilla 1.7.6 and just-released Firefox 1.0.1 are the recommended editions. Both can be downloaded from the Mozilla Foundation Web site.
iDefense has posted details on the vulnerability on its site.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.