NEWS FROM THE LAB - Sunday, April 17, 2005

New Exploits released for Mozilla and Firefox Posted by Mikko @ 19:15 GMT

FirefoxProof-of-concept exploits for the popular Mozilla and Firefox web browsers have been posted on public mailing lists. They target the following vulnerabilities:

- Code execution through favicons link
- Arbitrary code execution from Firefox sidebar panel

These exploits allow the attacker to run arbitrary commands on Firefox before version 1.0.3 and Mozilla before version 1.7.7.

We advice all Mozilla and Firefox users to immediately patch their browsers. Otherwise you might get nasty stuff happen on your computer just by surfing to the wrong site.