Exploit code that can use older versions of the
open-source Firefox browser to remotely take over users’ PCs has
appeared on the internet.
Users of Firefox browsers older than version 1.0.5 could be
attacked using the code, which has been published by Israeli
software developer Aviv Raff.
Raff said Firefox users had been given ample time to upgrade
their browsers, to avoid falling victim to the type of attack that
can be created using his code, which demonstrates a flaw originally
publicised this summer.
The vulnerability was fixed by Firefox distributor Mozilla with
version 1.0.5. Mozilla also recently launched the major Firefox 1.5
upgrade, equipped with a host of new security features.
The flaw that Raff’s code exploits relates to the
way older versions of Firefox handle JavaScript in web pages.
Malicious websites could allow remote attackers to
run arbitrary code on a user’s machine without the user’s knowledge.
Mozilla released an advisory this week about a potential problem
in Firefox 1.5, which addressed the possibility of the browser
“hanging” when visiting certain websites. This was described as a
minor issue by Mozilla.