Browse > Home / Blog article: Firefox patch released Friday only fixes 50% of problem

Firefox patch released Friday only fixes 50% of problem

By Janine de Blois

February 12, 2008

According to Dutch programmer Ronald van den Heetkamp, the patch, version 2.0.0.12 still leaves Firefox uses vunerable to attack unless they install install the NoScript plugin until issues are addressed. Within a couple of minutes of testing van den Heetkamp discovered a security issue still exists with the ‘view source’. “With it, we can view the source of any file located in the ‘resource:///’ directory, which translates back to: file:///C:/Program Files/Mozilla Firefox/. Then we only include the file inside it and it becomes available to a new page’s DOM, and so we are able to read all settings.” He says there are likely other issues related to scripting which need to be looked at for the next patch. In the meantime the NoScript plugin is available at http://noscript.net/.

Click here to discuss this: Security Forums

Filed Under IT Security, Internet Security News, Software Security 
Tagged:



Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL

ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL


Related posts to "Firefox patch released Friday only fixes 50% of problem":



Comments

Got something to say?





Visited 173 times, 1 so far today