«
»

XChat Author Warns for Firefox Exploit

A second more serious security issue has been discovered which is also being fixed by the recently released Firefox 1.0.7.

The exploit, which is classified as ‘extremely critical’, exploits a security hole in the startup script of Firefox. By passing parameters in URL’s from external applications it is possible to perform commands when Firefox is configured to be the default browser.

The exploit can only be used on certain Linux and *nix systems.

“We have a work-around in xchat 2.4.5, but to really fix it you need to upgrade firefox and mozilla” XChat author Zed said to IRC-Junkie in a  reaction.

To state the obvious, this is not an issue with XChat, or any other program passing on URL’s to Firefox, but an issue with Firefox/Mozilla which is using a bash script to startup.

Related posts:

  1. UnrealIRCd team releases patch against Firefox XPS Attack In a posting on the UnrealIRCd project website, coder Syzop...
  2. IRCu Family IRCd DoS Exploit Last month a new bug have been found in IRCu...
  3. mIRC Local DCC Issue: Exploit, Vulnerability or Neither? mIRC has seen issues with DCC exploits in the past....
  4. XChat 2.8.7e for Windows has been released Just a little more than 2 weeks after the last...
  5. XChat 2.8.7a for Windows Released Version 2.8.7 released the 20th of last month has been...

Tags: , ,

This entry was posted on Friday, September 23rd, 2005 at 4:18 pm and is filed under Clients, Hack, IRC. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply