Securityview warns of new Firefox flaw

By

A new vulnerability has surfaced in Mozilla Firefox that could be exploited to launch a DoS attack, security firms warned today.

Monitoring service Securityview today confirmed the flaw, present in Firefox version 1.5.0.3.


When exploited, the vulnerability permits "JavaScript to generate image tags with the ‘mailto:’ link, which in turn will open the mail application automatically without any user interaction," according to the SANS Internet Storm Center.

"As a result, many mail windows will be opened, and the system will become unresponsive," SANS said.

As users await a patch, the group recommended configuring the email application so it does not start up automatically.

"Now, whenever you click on a mailto: link, you will first be asked if you would like to start your email application," SANS said. "In the case of this exploit, this will keep your system responsive, even though you may still have to click on all the dialogs."

The group also said disabling JavaScript or the mailto: link function are other workaround options, but they will be more "intrusive."

As of this afternoon, Firefox had not released an advisory on the vulnerability. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
firefoxflawnewofsecuritywarns

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
WestJet probes cyber security incident

WestJet probes cyber security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?