Firefox reintroduces 7-year-old security flaw

malebolgia   on 07 June 2005 - 15:10 · 58 comments & 6289 views

New versions of the Mozilla Foundation's browsers have reintroduced a seven-year-old flaw that makes them vulnerable to spoofing attacks, security advisory company Secunia said Monday.

Secunia first publicized the flaw last summer, warning that a feature that had been built into most browsers for years was in fact a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own log-in window on a bank's Web site. The feature was found in IE, Mozilla, Opera, Safari, and Mozilla derivatives such as Konqueror.

Most browser vendors, including Mozilla, agreed and updated their products to remove the feature. But it has been re-introduced in Firefox 1.0.4, Mozilla 1.7.8, and Camino 0.x, according to the firm.

The new vulnerability is a slight variation of the flaw fixed last year, Secunia said.

The Mozilla Project said it is investigating the report, and a moderator of the organisation's online support site said the flaw had not been exploited.

News source: InfoWorld


(3 replies) #1 Electronic Punk on 07 Jun 2005 - 15:10
What was the next big thing again?
#1.1 shao on 08 Jun 2005 - 08:57
i dunno. maxthon? ;-)
yes, time for some payback methinks.
#1.2 supernova_00 on 08 Jun 2005 - 14:07
This is now fixed in Firefox with today's nightly build 20050608. Expect 1.0.5 soon.
#1.3 ivand67 on 08 Jun 2005 - 15:23
Firefox is still the king of all browsers! 1.05 will fix this pretty soon, because, as usual, Mozilla doesn't take more than a week to fix a little problem.

And this is NOT a big deal. Mozilla still rules.
(2 replies) #2 Wolfsglen on 07 Jun 2005 - 15:22
QUOTE
Mozilla derivatives such as Konqueror


Thought Konqueror used KHTML? Or am I thinking of something else and am wrong as usual?
#2.1 quintesse on 07 Jun 2005 - 15:37
Nope, you're absolutely right. Maybe you can say that Safari is somehow a Konqueror derivative but even that would be stretching it.
#2.2 Wolfsglen on 07 Jun 2005 - 16:13
Ahh thanks! Had a feeling it was, but wasn't sure.
(12 replies) #3 M2Ys4U on 07 Jun 2005 - 15:22
I tried the Secunia test and it didn't work.

I tried it on 1.0.4 on 4 different computers, using both tabs and new windows, and nothing.
#3.1 Steffan on 07 Jun 2005 - 15:23
It worked for me. Make sure you open the msdn page first and then run the test link from secunia.
#3.2 markjensen on 07 Jun 2005 - 15:30
Didn't do anything for me. The msdn content remained unchanged after opening the Secunia exploit link. I even tried to re-open via the first link and to refresh the previous msdn window. I just could not get the Secunia content to display in any of the msdn frames as indicated...

What exact steps did you do Steffan?
#3.3 Steffan on 07 Jun 2005 - 15:43
I followed the steps that Secunia had to test it. The injection page from Secunia took over the frame that had "Welcome to the MSDN Library".

It could be the version of FF that I'm using. I'm using Deer Park Alpha 1. Maybe Mozilla fixed it with either 1.04 or a previous patch.
#3.4 ThaCrip on 07 Jun 2005 - 16:25
The exploit did not seem to affect me either... I opened the windows like they said (mine were opened in new tabs) ... basically I opened the Microsoft one first, then the exploit page second, then opened another tab (the Microsoft link) again, and I did not notice anything out of the ordinary in that window or the original Microsoft window I initially opened.

So I'm assuming I'm not affected.
#3.5 tiagosilva29 on 07 Jun 2005 - 17:09
Worked here.

Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.7. Gecko/20050511 Firefox/1.0.4

#3.6 RotAtoR on 07 Jun 2005 - 17:26
Didn't work here either using Deer Park Alpha 1

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050531 Firefox/1.0+
#3.7 Steffan on 07 Jun 2005 - 17:30
^ How did you get yours to prevent the injection? I upgraded to the version you have and it's still getting injected.
#3.8 ThaCrip on 07 Jun 2005 - 17:57
Mine doesn't work either (like I said above) ... the flaw doesn't seem to work on me either... I'm using Firefox 1.0.4
#3.9 em_te on 07 Jun 2005 - 18:11
It only works on a default installation of Firefox since it relies on some of the default preferences being set. And you have to left-click on the first link to have it open automatically in a new window. You can't use the middle-click button to do that. And when it opens in the new window, then click on the second link. Also you can't be using any extensions that modify the default preferences such as SingleWindow.
#3.10 UnnamedStone on 07 Jun 2005 - 19:29
So.. if you have installed tabmix/tab preference etc, it doesn't work, right?
#3.11 gaekwad2 on 07 Jun 2005 - 20:13
If you have Force links that open new windows to open in: a new tab enabled it doesn't work.
#3.12 ThaCrip on 08 Jun 2005 - 01:56
Well good then... I'm immune to it
#4 tommie on 07 Jun 2005 - 15:24
Worked on my 1.0.4
#5 NeoXP on 07 Jun 2005 - 15:25
Same here.. doesn't seem to be affecting us?? I'm using FF 1.0.4
#6 MoRiA on 07 Jun 2005 - 15:30
Works in Firefox 1.1+ (i.e. Deer Park Alpha 1), too..
#7 supernova_00 on 07 Jun 2005 - 15:31
Why is the post titled 'Firefox reintroduces' when you guys mention Opera and Konqueror being affected? Opera uses its own engine and Konqueror is KHTML, not Gecko.
(5 replies) #8 Caleb on 07 Jun 2005 - 15:34
If you are using the Firefox Alpha 1 (aka Deer Park Alpha 1) you are NOT vulnerable...

#8.1 Rabbai on 07 Jun 2005 - 16:04
Wrong
#8.2 markjensen on 07 Jun 2005 - 16:12
QUOTE
it looks to me like it might actually be a bug that's caused by an extension, not by the base install of FF
That could be it. I didn't see the flaw in Firefox, but I don't have any extensions.
#8.3 Ava3ar on 07 Jun 2005 - 16:12
It doesn't seem to work in singlewindow mode in either Trunk (DP from yesterday etc., not the one announced) or stable (1.0.4).

I haven't tested it out of singlewindow mode, but all the people I've spoken to can't get it to work. It looks to me like it might actually be a bug that's caused by an extension, not by the base install of FF.
#8.4 Angry_Badger on 07 Jun 2005 - 16:16
Correct. I'm using a recent trunk in single window mode and it doesn't work.
#8.5 Ned on 07 Jun 2005 - 16:58
It doesn't work in single window mode. The link from step two just opens another tab. When I disable the Tabmix extension I'm vulnerable.

Last edited by 76077 on 07 Jun 2005 - 17:14
(1 reply) #9 Caleb on 07 Jun 2005 - 15:37
WTH?

Why is Firefox being mentioned there when IE is the one vulnerable to it in the first place?
#9.1 markjensen on 07 Jun 2005 - 15:39
Let me venture a guess after reading through the article quickly: Because the Mozilla team had removed this problem, and now the problem has been put back into their browser.

Plus, the original problem was across all common browsers, not just an "IE" problem. And, according to the article, this affects Mozilla products - not IE or anybody else.

While IE does have their own set of issues, there is no need to try to falsely pin this as just an "IE problem".


EDIT: It seems that it also affects some versions of IE (see SkyyPunk's post, below)

Last edited by 36818 on 07 Jun 2005 - 15:56
(3 replies) #10 SkyyPunk on 07 Jun 2005 - 15:54
I'm using IE and this worked on me
#10.1 markjensen on 07 Jun 2005 - 16:00
That is so strange! Even though the Secunia report doesn't mention it at all, it happens on IE (6.0.2800) on my box, but not Firefox.

Strange, indeed...
#10.2 Angry_Badger on 07 Jun 2005 - 16:06
It affects Opera too (it's just that the PoC doesn't work on Opera because Opera users are served different content from that page). So all the smug IE users should wipe the smile from their faces. The story is that it's been reintroduced.
edit: hmm, mixed stories about Opera....
#10.3 Ned on 07 Jun 2005 - 17:16
QUOTE
edit: hmm, mixed stories about Opera....


[edit] never mind... version 8 is not affected.
#11 Packet1009 on 07 Jun 2005 - 16:00
Just to confirm to an earlier poster, Opera 8 (that's what I tested) isn't affected by this - even if the browser identifies itself as Mozilla.
#12 AJCrowley Esq on 07 Jun 2005 - 16:08
Well, if they fix this "flaw", some of my old code will cease to function. Isn't this something like saying frames are a flaw, because you can't see the actual page URL?
#13 Colin-uk on 07 Jun 2005 - 16:23
works for my IE too
#14 zivan56 on 07 Jun 2005 - 16:37
How is this an exploit? This happens all the time when I shift+click on a link that has a target identifier; when I click on the original again, it will open in the new browser's target frame. You can see this on some pages, like on the Asus site.
#15 Septimus on 07 Jun 2005 - 16:50
It's not inserting data into the frames as they say it should on Opera either.
#16 Cyranthus on 07 Jun 2005 - 17:00
way to go firefox
(1 reply) #17 vetlardiop on 07 Jun 2005 - 17:27
My 2 Cents:

Who cares? "This exploit could be used to attack a text file on your computer, but only on odd-numbered wednesdays and on systems with exactly 2483872kb of RAM"

I really dislike companies like secunia. Go research something that matters.
#17.1 eRad on 07 Jun 2005 - 19:48
lol =)
#18 TheSarge on 07 Jun 2005 - 18:20
Yeah, not exactly what I'd call a critical flaw.
#19 Jonathan2007 on 07 Jun 2005 - 18:33
Wow. I thought this flaw was pretty major until I heard what lardiop said. Now I think it is kind of funny. Anywho, I am using Mozilla Firefox 1.0.4 in Kubuntu Linux and when I first tried it, I opened both pages in tabs. It did not work. Then I tried opening the pages in new windows and it worked. I don't know if that interests any of you but oh well.
#20 ThunderRiver on 07 Jun 2005 - 19:43
It works on both FF 1.0.4 and IE6 SP2.
However, I don't see the big deal of it...
#21 mr_da3m0n on 07 Jun 2005 - 19:57
Uh.. maybe it's me but the article headline seems to have only partial relevance to the contents... oh well.
#22 xinok on 07 Jun 2005 - 21:18
#23 Marshalus on 07 Jun 2005 - 21:22
The post has been edited to reflect the fact that Mozilla accidentally enabled a "feature" it had previously disabled.

Sorry for the confusion.
(1 reply) #24 joker999 on 07 Jun 2005 - 22:10
Doesn't work on my Deer Park Alpha 1

Works on IE6 :o
#24.1 bryonhowley on 07 Jun 2005 - 22:45
Does not for me with IE6(SP2) all updates
Does work with Firefox
Netscape 8 just opens a new tab not the same window.
#25 Digitalfox on 08 Jun 2005 - 00:52
It worked with me...

But I'm not worried, I still prefer Firefox to any other browser
#26 dhitb on 08 Jun 2005 - 01:32
The test worked on my FF 1.0.4... so are we going to have to upgrade to 1.0.5 soon?
#27 mr_da3m0n on 08 Jun 2005 - 03:43
What I wish you guys could fix is the Safari and Konqueror goof-up. They use WebKit and KHTML, which are both derivatives of the same thing. Nothing to do with Gecko.
#28 pyu on 08 Jun 2005 - 07:31
For those using Firefox and if the .. vulnerability test succeeds on your browser, set your Tabs preferences to force links that open in "new windows in a new tab". The preference setting is there.

In short, the vulnerability only works when you open links in new windows.
#29 Alan Zeino on 08 Jun 2005 - 07:59
Doesn't work if you have it so it opens all new windows in tabs.
#30 Bryan000 on 08 Jun 2005 - 10:02
This is fixed in Firefox's CVS. The update should be coming soon. Firefox is gonna see its share of vulnerabilities, no one ever denied that. But they get fixed (and fast). That's what is important.
