Mozilla/Firefox has finally been hit with a bug, but a patch is already
available:
Here is a re-post from our main security System Admin here at Brown, warning us on the SYSADMIN listserv.
Windows users, please upgrade your Mozilla and Firefox browsers to 0.9.2 -- remember, as the man says, the link still says 0.9.1, but it really leads to a 0.9.2 release.
He also reminds us once again to run Windows Update to fix a few I.E. bugs, and to use I.E. as little as possible, since it has many unfixed bugs.
EDIT: Being a Mac user RULES!
---- Forward from System Admin: -----
Many of you have heard me describe Internet Explorer vulnerabilities and
have begun to use or are using Mozilla/Firefox. If you are using these
products you need to upgrade your browser to fix the latest browser
vulnerability.
The latest vulnerability allows you to execute a Windows executable from
a web page with the following command:
<a href=shell:windows\system32\cmd.exe>CMD.EXE</a>
The patch tells Mozilla/Firefox to ignore the "shell" portion of the
above HTML. It may be possible to use this flaw to run arbitrary code
on your system, so you should upgrade ASAP. This vulnerability does not
work in Opera (tested version 7.50). Internet Explorer asks you if you
wish to run the command when you click on the link, but will execute it
if you click the "Open" button. Unpatched versions of Mozilla and
Firefox will open the link without prompting you.
http://www.mozilla.org/products/firefox/ - Firefox download page (lists
0.9.1 as latest version, but download link gives you version 0.9.2).
http://www.mozilla.org/products/mozilla1.x/ - Mozilla download page,
1.7.1.
http://www.eweek.com/article2/0,1759,1621463,00.asp - eWeek article by
Larry Seltzer
Also, while we're on the subject of patching browsers, don't forget to
apply the latest Windows updates to fix the latest IE security
vulnerabilities (See advisory from yesterday).
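
A defender-side check for the kind of link quoted in the forwarded message, as an added example that is not part of the original post or of the Mozilla patch: it parses HTML and reports URL attributes whose scheme is outside an allowlist, so `shell:` is caught without being named. The allowlist, the attribute set, the function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: schemes this hypothetical filter lets through; all others are reported.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}
URL_ATTRS = {"href", "src", "action"}  # assumption: attributes treated as URLs

def url_scheme(value):
    """Return the lower-cased scheme of a URL attribute, or None if it has none."""
    # Browsers trim surrounding whitespace and drop tab/CR/LF before parsing a URL.
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\r\n")
    head, sep, _ = cleaned.partition(":")
    if not sep or not head or not (head[0].isascii() and head[0].isalpha()):
        return None
    if all(c.isascii() and (c.isalnum() or c in "+-.") for c in head):
        return head.lower()  # schemes are case-insensitive
    return None  # the colon belongs to a path or query, e.g. "page?t=12:30"

class SchemeAuditor(HTMLParser):
    """Collects (line, tag, attribute, scheme) for every non-allowlisted scheme."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = url_scheme(value)
                if scheme and scheme not in ALLOWED_SCHEMES:
                    self.findings.append((line, tag, name, scheme))

def audit_html(markup):
    auditor = SchemeAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings

# Constructed sample: the second line is the link quoted in the post.
SAMPLE = r"""<p><a href="http://www.mozilla.org/products/firefox/">Firefox</a></p>
<a href=shell:windows\system32\cmd.exe>CMD.EXE</a>
<a href=" SHELL:windows\system32\cmd.exe">same link, upper case</a>
<a href="docs/page.html?time=12:30">relative link</a>
"""

if __name__ == "__main__":
    for line, tag, attr, scheme in audit_html(SAMPLE):
        print(f"line {line}: <{tag} {attr}=...> uses scheme {scheme!r}")
```
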
(no subject)
Date: 2004-07-09 12:07 pm (UTC)
Y'know, it's so wrong that I don't have an 'Oh crap!' icon.