Firefox's Lack of Low Privilege Heightens ANI Patch Urgency


The security researcher who discovered the ANI vulnerability has pointed out that Firefox users who don't install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low privilege mode.

Firefox users have a greater need than do users running IE in protected mode to install the patch for the animated cursor flaw that caused Microsoft to rush out a security bulletin on April 3, given that Firefox lacks a low-privilege mode.

Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw and reported it to Microsoft in December, has posted a video depicting successful ANI vulnerability exploits on both Internet Explorer 7 and Firefox 2.0 running on Vista in default mode. Firefox's Lack of Low Privilege Heightens ANI Patch Urgency

Linked by shanmuga Tuesday, 10th April 2007 2:09AM