
Securityview warns of new Firefox flaw

A new vulnerability has surfaced in Mozilla Firefox that could be exploited to launch a DoS attack, security firms warned today.

Monitoring service Securityview today confirmed the flaw, present in Firefox version 1.5.0.3.

When exploited, the vulnerability permits "JavaScript to generate image tags with the ‘mailto:’ link, which in turn will open the mail application automatically without any user interaction," according to the SANS Internet Storm Center.

"As a result, many mail windows will be opened, and the system will become unresponsive," SANS said.

As users await a patch, the group recommended configuring the email application so it does not start up automatically.

"Now, whenever you click on a mailto: link, you will first be asked if you would like to start your email application," SANS said. "In the case of this exploit, this will keep your system responsive, even though you may still have to click on all the dialogs."

The group also said that disabling JavaScript or the mailto: link function are other workaround options, but that they will be more "intrusive."

As of this afternoon, Firefox had not released an advisory on the vulnerability. 
