Message boards :
Number crunching :
Flaw in Fire FOx
Message board moderation
Author | Message |
---|---|
Pascal, K G Send message Joined: 3 Apr 99 Posts: 2343 Credit: 150,491 RAC: 0 |
Flaw Semper Eadem So long Paul, it has been a hell of a ride. Park your ego's, fire up the computers, Science YES, Credits No. |
ampoliros Send message Joined: 24 Sep 99 Posts: 152 Credit: 3,542,579 RAC: 5 |
This threat applies if you allow sites to install add-ons to Firefox. By default this is turned on but only for two sites (update.mozilla.org and addons.mozilla.org). It would work by allowing the sites to use your javascript history and the mozilla website to fool your browser into thinking the malicious page is one of the two trusted sites. [eg redirect a frame to mozilla and then to the malicious site, then use a javascript exploit to fool your browser into thinking that the mozilla site opened the window (or frame), then the frame would have the same privaledges as the mozilla sites] Both of the default trusted sites are under the control of the Mozilla foundation and have been fixed server-side. If you have not changed the default preferences for install sites you should not be vulnerable. 7,049 S@H Classic Credits |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.