Mozilla Foundation browser users have been warned to be on the lookout for two new flaws in their browsers. SecurityFocus has released a security warning covering a series of problems affecting the browsers on a variety of platforms.
The first could allow the source of downloads to be spoofed. It affects the latest versions of both Firefox and Mozilla and is explained in detail on Bugzilla. The problem relates to the way the downloads dialog box displays long filenames: by default, inserting some unusual characters can prevent part of a download URL from being displayed. This could make a file appear to be coming from a genuine source when it's actually on a completely different server. Users are warned not to follow links from untrusted sources.
Users face a second problem connected to the way the browsers handle news:// links to newsgroups. Hackers could create malicious links to news servers which cause a buffer overflow, allowing them to inject hostile code into systems. It's understood to affect versions of Mozilla before 1.7.5; Firefox users were also warned to ensure they were running v1.0 to minimise the risks.
Finally, a third problem affects the Firefox/Thunderbird combination. It's said to be a bit less serious than the first two, but involves temporary files being stored in a way that lets anyone on the same machine look at files people have been downloading.
News source:
ieXbeta