Securityview warns of new Firefox flaw

By on

A new vulnerability has surfaced in Mozilla Firefox that could be exploited to launch a DoS attack, security firms warned today.

Monitoring service Securityview today confirmed the flaw, present in Firefox version 1.5.0.3.

When exploited, the vulnerability permits "JavaScript to generate image tags with the ‘mailto:’ link, which in turn will open the mail application automatically without any user interaction," according to the SANS Internet Storm Center.

"As a result, many mail windows will be opened, and the system will become unresponsive," SANS said.

As users await a patch, the group recommended configuring the email application so it does not start up automatically.

"Now, whenever you click on a mailto: link, you will first be asked if you would like to start your email application," SANS said. "In the case of this exploit, this will keep your system responsive, even though you may still have to click on all the dialogs."

The group also said disabling JavaScript or the mailto: link function are other workaround options, but they will be more "intrusive."

As of this afternoon, Firefox had not released an advisory on the vulnerability. 

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?