Firefox also vulnerable to Windows cursor exploit


Contrary to other reports, Mozilla's Firefox 2.0 is vulnerable to attackers armed with the Windows animated (ANI) cursor exploit, a researcher said Tuesday.

Alexander Sotirov, the vulnerability researcher at Determina who discovered the ANI flaw last December and notified Microsoft of it later that month, yesterday posted a demonstration of an ANI exploit that hijacks a PC when Firefox users are conned into visiting a malicious site.

"It turns out that Firefox uses the same vulnerable Windows component to process .ani files, which can be exploited in a way similar to Internet Explorer," Sotirov said during the demo. Computerworld - Firefox also vulnerable to Windows cursor exploit

Linked by shanmuga Tuesday, 10th April 2007 1:49AM