New Mozilla Flaws Exposed | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

New Mozilla Flaws Exposed

Written By
Sean Michael Kerner
Sean Michael Kerner
Jan 7, 2005
2 minute read

A trio of newly exposed flaws in Mozilla browsers (including Firefox) was
announced this week by a number of different security researchers.

The download spoofing flaw
was reported by security firm Secunia this
week. This flaw could allow a malicious user to make a downloaded
file appear to be coming from a different source than it actually is, which
could be used to trick users into downloading something that they’re not
expecting.

Bugzilla, Mozilla’s bug tracking system, has assigned repair responsibility
to Mozilla staffer Ben Goodger. According to Mozilla, the bug
carries a “normal” severity rating; Secunia has currently rated it as “less
critical.” Users are warned not to download material from untrusted sources.

Polish security research firm iSEC reported
a buffer overflow bug with the NNTP (newsgroup
protocol). The vulnerability could allow an attacker to potentially execute
arbitrary code when a news:// connection is triggered. The bug exists on at
least Mozilla 1.7.3 and, according to the Mozilla Foundation, it has been fixed
in version 1.7.5.

According to iSEC’s advisory, Mozilla developer Dan Veditz claimed that the bug cannot be exploitable in a
Bugzilla posting. ISEC researcher Maurycy Prodeus, who wrote the advisory, issued proof of concept code that
worked in his test bed environment.

“On my RedHat 9.0 with Mozilla 1.7.3 attached proof of concept code
overflows the buffer using attacker-supplied data,” Prodeus wrote. “I
decided to make this bug public because Mozilla Team hasn’t warned users.”

A third Mozilla vulnerability reported by security firms
ptraced.net
and Gentoo Foundation
has revealed a potential problem with the way Mozilla
Thunderbird and Firefox handle temporary files. Martin from
ptraced.net discovered that temporary files in Thunderbird 0.8 and 0.9.3
were stored with predictable names in a world-readable format, which could
potentially expose a user to risk.

Based on five advisories issued by security research firm Secunia since
August 2004, 80 percent currently remain unpatched.
Secunia stats also illustrate a small level of user
risk, with 80 percent of advisories in the same period bearing a “Less
Critical” label and 0 percent of them being rated as extremely critical (20
percent were rated as moderately critical).
Sean Michael Kerner
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information