Friday, September 09, 2005
Don't click strange links, especially until Firefox gets fixed
It's a good policy in general, and right now it's important because someone found a simple way to crash Firefox. If you try to follow a link that begins with "host:" and continues with a long string of dashes, boom.
The guy who discovered the problem thinks a bad guy could use it to take over your machine. Nobody's proven it and others are skeptical. The bug does belong to a class of bugs that are pretty dangerous to security.
Keep an eye out for the next Firefox version, and meantime continue with good hygiene. You wouldn't follow a stranger into an alley, so don't follow strangers into unknown places on the web. UPDATE 9/10: the Firefox team has a patch and workaround already.
UPDATE 9/17: rumor has it that people have figured out how to take over a machine by triggering this flaw.
UPDATE 9/23: it's more than rumor. Any interested bad guy can now get ready-made programming to take over your machine if you visit their web site. Upgrade if you haven't already.
|
The guy who discovered the problem thinks a bad guy could use it to take over your machine. Nobody's proven it and others are skeptical. The bug does belong to a class of bugs that are pretty dangerous to security.
Keep an eye out for the next Firefox version, and meantime continue with good hygiene. You wouldn't follow a stranger into an alley, so don't follow strangers into unknown places on the web. UPDATE 9/10: the Firefox team has a patch and workaround already.
UPDATE 9/17: rumor has it that people have figured out how to take over a machine by triggering this flaw.
UPDATE 9/23: it's more than rumor. Any interested bad guy can now get ready-made programming to take over your machine if you visit their web site. Upgrade if you haven't already.
# posted by Frederick @ 8:15 PM Email to a friend:
Haloscan: they provide trackback