This is an amazing story, I couldn’t quite believe it at first. A strange twist in the ongoing browser wars it seems. A new security flaw in Microsoft Internet Explorer can compromise the open source Mozilla Firefox browser, if it’s installed on the same Windows system. At first I thought it might be a deliberate ploy on Microsoft’s part, then I realized I was being a little too cynical and the vulnerability was probably organic. Besides, I don’t think MS have the competence to deliberately pull this off anyway 😉
Here’s the details. It’s been discovered that if a user clicks certain malicious links within their IE browser it can call Firefox via a Windows command line argument and execute remote code in the background. This is a hackers dream but experts have been quick to stress there’s no evidence of the exploit actually being used in the wild as yet. It’s been confirmed as affecting Firefox 220.127.116.11 and Mozilla have been quick to stress this will be patched in version 18.104.22.168 of the browser, due out soon. Obviously they can’t patch the flaw in IE because MS are very protective over their precious code. You might wanna check out the full details of this story in the Linux Insider article below:
CLICK HERE FOR THE FULL ARTICLE
It’s seems a little worrying to me that these sort exploits are regularly publicised in this way, often with an accompanying statement saying “don’t worry hackers don’t know about it yet”… well they didn’t know until you decided to go and tell the whole world you idiots. Tell us when you’ve patched the exploit and not before, wouldn’t that be a safer option?
In the meantime if you’re on Windows, have Firefox installed and for some reason still browse in IE you’ve been warned. Of course there is a simple solution to this vulnerability though, I think you know what I’m going to say…. an Ubuntu LiveCD, you know it makes sense 🙂