Wednesday June 08, 2005 
Wednesday June 08, 2005
New Mozilla Firefox vulnerability found
"A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames. The applications don't check whether the frames displayed in a single window all originate from the same Web site." Commentary on this at whitedust as well.
Basically, the flaw means that if you are viewing a trusted site in one window (eg paypal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site.
This is a theoretical vulnerability, there have been no actual examples of anyone doing it. It affects Firefox 1.0.4 and Deer Park Alpha.
To protect yourself, close all other windows/tabs before accessing a site where you routinely put in a secure password (eg your bank or paypal account), or your bank or credit card details (eg Amazon), or other sensitive data. If you use one of the tabbed browsing extensions and can set it to always open links in new tabs, never in a new window, this also prevents the vulnerability from being exploited.
- Well, expect Firefox 1.0.5 soon. The patch has already been checked in.
(2005-06-08 09:41:05 SGT)
[Tech]
Permalink
Comments [2]
"Message storm" knocked NYSE offline
The New York Stock Exchange is re-examining its network after it was forced to close four minutes early at 3:56pm on Wednesday (1 June) because of a communications glitch. Trading opened on time (09:30 EDT) the following morning but the outage irked traders and raised questions about the reliability of a network described as 'ultra reliable' following improvements made in the wake the September 11 terrorist attacks. The outage stemmed from a fault in a system designed to distribute market data and operate computer trading systems. NYSE Chief Executive John Thain said that both the main system and its backup were swamped with error messages, Reuters reports. He added that the exchange would carry out remedial work designed to prevent any repetition of the problem.
(2005-06-08 09:34:45 SGT)
[Tech]
Permalink
Most popular blog postings on lowem.log :
1. Singapore MRT rail network length to double by 2020
2. 2010 Nissan Leaf electric car specifications : 107hp, 24KWh lithium-ion batteries, 100-mile range
3. Live spot gold price quotes chart on COMEX
4. 2010 Toyota Prius specifications released : 50 mpg, 1.8L, 134hp, Ni-MH, solar roof option
5. AVG Anti-Virus Free Edition 2011 direct download link
6. Real-time live gold and silver price quotes chart on COMEX
7. Singapore electric vehicles : Government agencies EMA and LTA to study EV introduction
8. Book review : Shut Down by William Flynn
Featured articles on lowem.log :
1. Book review : Shut Down by William Flynn
2. Singapore electric cars testing starts with 9 electric vehicles
3. Honda, GS Yuasa JV to make lithium-ion batteries for 2010/2011 Honda Civic Hybrid
4. 2010 Honda Civic Hybrid preliminary specifications released
5. 2010 Honda CR-Z hybrid, 2010 Honda Fit/Jazz hybrid models confirmed
6. 2010 Toyota Prius specifications released : 50 mpg, 1.8L, 134hp, Ni-MH, solar roof option
7. NYMEX crude oil recovers from $32.40 low after 2.2 mbpd OPEC production cut announced
8. Singapore : Nuclear power not ruled out
| search |
|
|
| sponsored links |
|
|
| bookmarks |
|
about
blogroll
sites
quotes
charts
historical |
| navigation |
| decals |
|
| powered by |
|
| hosted by |
|