Major vulnerability in Firefox on Windows (more?)

If you use Firefox, especially on Windows, read this!

If you fail to take protective measures you could stumble across a webpage which toasts your system.

Geoff wrote me:

Not sure about Linux and OS X – assume the worst.

See http://www.kb.cert.org/vuls/id/783400

For now, consider using another browser. But if you have to use Firefox…

The CERT advisory suggests that you configure Firefox to generate a warning dialog whenever it encounters one of the URLs involved in the exploit.

To do this, start Firefox, enter the URL “about:config”, scroll down, and for each of the following entries make sure it is set to “true”.

If it isn’t, right-click the line and choose “Toggle”, which will set the value to “true”.

network.protocol-handler.warn-external-default
network.protocol-handler.warn-external.mailto
network.protocol-handler.warn-external.news
network.protocol-handler.warn-external.nntp
network.protocol-handler.warn-external.snews

This will at least give you a warning that Firefox is being asked to do something suspicious; you will have to judge for yourself whether it is nasty.
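To check the five settings above without clicking through about:config, the following added example (not part of the original post or the CERT advisory) parses the text of a profile's prefs.js and reports each preference's state. It assumes the usual `user_pref("name", value);` line format; the sample text is constructed, and a preference missing from the file is reported as "unset" because prefs.js only records values changed from the built-in default.

```python
import re

# The five preferences listed in the post.
WARN_PREFS = [
    "network.protocol-handler.warn-external-default",
    "network.protocol-handler.warn-external.mailto",
    "network.protocol-handler.warn-external.news",
    "network.protocol-handler.warn-external.nntp",
    "network.protocol-handler.warn-external.snews",
]

# Matches lines such as: user_pref("some.name", true);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: raw_value}; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def audit(text):
    """Classify each warning pref as 'true', 'false', 'unset' or 'invalid'."""
    prefs = parse_prefs(text)
    report = {}
    for name in WARN_PREFS:
        raw = prefs.get(name)
        if raw is None:
            report[name] = "unset"    # not in the file: built-in default applies
        elif raw in ("true", "false"):
            report[name] = raw
        else:
            report[name] = "invalid"  # e.g. the string "true" instead of a boolean
    return report

def needs_attention(text):
    """Names to check in about:config (anything not explicitly true)."""
    return [n for n, state in audit(text).items() if state != "true"]

# Constructed sample, not taken from a real profile.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.protocol-handler.warn-external.mailto", true);
user_pref("network.protocol-handler.warn-external.news", false);
user_pref("network.protocol-handler.warn-external.nntp", "true");
'''
```

Pass the contents of your own prefs.js to `needs_attention()`; every name it returns should be checked in about:config.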

5 Replies to “Major vulnerability in Firefox on Windows (more?)”

  1. Pingback: Samizdata.net
  2. Source codebase looks like it’s fixed (patch). But not sure when a release will be out??

  3. It’s fixed now, my version just updated itself with patch 2.0.0.6, which has the fix in it.
