Two security holes found in Firefox web browser
Last Updated: Thursday, February 8, 2007 | 12:39 PM ET
CBC News
Related
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Two flaws found in the Firefox web browser could result in users exposing sensitive information to malicious attackers, according to a computer security company.
One of the vulnerabilities, which affects the latest version of the popular web browser, could let an attacker fool the software into identifying a website as secure when it should classify it as a phishing site, SecuriTeam, an arm of Beyond Security Inc., said on Wednesday.
Phishing sites trick people into disclosing sensitive information such as online banking passwords by mimicking legitimate trusted sites such as a bank.
The security hole in Firefox version 2.0.0.1 can be exploited by simply adding an extra forward-slash character to a site's address, or URL (Universal Resource Locator), according to the group, which has offices in McLean, Va., and Netanya, Israel.
In order to exploit the vulnerability, an attacker would have to fool a person into clicking a specially crafted link in an e-mail, document or a malicious website.
SecuriTeam had issued an advisory on Monday, Feb. 5, that stated the pop-up window blocker in an earlier version of Firefox could be compromised to allow an attacker to read files on a computer at will.
The flaw in Firefox 1.5.0.9 could give an attacker the same access rights to files as a user who manually allows pop-ups from a site, SecuriTeam said.
The security hole could give a malicious individual access to sensitive information stored on the target computer.
The pop-up hole would also require a person to click on a specially crafted link either in an e-mail, document or web page.
It was not clear whether the vulnerabilities affected versions of Firefox other than those specifically cited in the reports.
The Mozilla Foundation, which oversees development of the Firefox browser, did not have any comment about either security hole published on its security site Thursday morning.
Share Tools
Top News Headlines
- Legalize pot, say former B.C. attorneys general
- Four former B.C. attorneys general are joining a coalition of health and justice experts calling for the legalization of marijuana. more »
- Whitney Houston's funeral to be held Saturday
- Pop star Whitney Houston's funeral service will be held Saturday in the New Jersey church where she first showcased her singing talents as a child. more »
- Online surveillance bill targets child porn: Toews
- A bill that would give police and intelligence agencies new powers to access Canadians' electronic communications is needed to protect against child pornography, says Public Safety Minister Vic Toews. more »
- Air Canada pilots give strike mandate to union
- The union representing Air Canada pilots has been given an overwhelming mandate to call a strike, though the pilots have said they won't use that option while mediated talks are ongoing. more »
Latest Technology & Science News Headlines
- New iPad anticipated in March
- The latest version of Apple's iPad tablet will launch in early March, according to blog and media reports this week. more »
- Higgs boson hunt aided by energy boost
- The world's largest particle accelerator is ramping up its beam energy in hopes that scientists will learn definitively this year whether the last undiscovered particle in the Standard Model of Physics exists. more »
- Nortel hit by suspected Chinese cyberattacks for a decade
- Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to a report. more »
- U.S. weighs steep nuclear arms cuts
- The Obama administration is weighing options for sharp new cuts to the U.S. nuclear force, including a reduction of up to 80 per cent in the number of deployed weapons, The Associated Press has learned. more »
Bob McDonald's Blog
Glacier Discovery Walk: Will the visitor centre enhance the view? Feb. 14, 2012 9:22 AM Environment minister Peter Kent has announced the construction of a new Glacier Discovery Walk and visitor centre on the Icefields Parkway in Jasper National Park. It raises the issue of how to balance commercial development in our National Parks against the preservation of the last refuges of wilderness.
Quirks & Quarks
- February 11: Inside the Mind of a Neandertal Feb. 10, 2012 4:01 PM Can we get inside the mind of a species that's been dead for 30,000 years? A new book, How to Think Like a Neanderthal, suggests we can. The authors reconstruct a creature like us in many ways, but with important differences.
Latest Features
- Online surveillance critics accused of supporting child porn
- Whitney Houston's funeral to be held Saturday
- HMCS Corner Brook collision damage extensive
- Online surveillance bill targets child porn: Toews
- Mooning Queen proves costly for Australian man
- Legalize pot, say former B.C. attorneys general
- MacKay says submarine fleet has 'spotty' history
- Stanley Cup rioter seen in brick attack on cop
- Man kidnapped at Greyhound station escapes captors
