On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet

April 4th, 2007

Mozilla to ship Firefox 'workaround' for .ANI exploit

Posted by Ryan Naraine @ 2:02 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Mozilla Firefox, Vulnerability, Microsoft Windows, Mozilla Corp., Ryan Naraine

Mozilla is considering a "workaround" to block the attack vector that puts Firefox users at risk of attacks exploiting the Windows animated cursor (.ani) vulnerability.

Because Firefox uses the Windows API function that triggers the vulnerable code, the .ani vulnerability can be exploited through Firefox.  (See this Flash demo by Alexander Sotirov, the researcher who discovered the vulnerability).

However, there is no vulnerability for the Firefox developers to patch (once the MS07-017 patch is applied, the user is protected).  Still, Mozilla's VP of engineering Mike Schroepfer said the company is mulling a workaround to reduce the attack surface for Windows users.
 
"The ANI vulnerability is caused by a Windows error…it can be exploited through both Firefox and Internet Explorer," Schroepfer stressed.  

The workaround, which will amount to application hardening, will be fitted into a future Firefox security update.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 15 Talkback(s)
happy And that's the rest of the story.
Well that is open source isn't it. Find a problem fix a problem.
The threat might of been a day for the small audience using firebug as it isn't very useful for anything except degugging code.

The original author is much like george and always grasping at straws.... (Read the rest)
Posted by: gotitright Posted on: 04/06/07 You are currently: a Guest | | Terms of Use
Why not just patch?  larry@... | 04/04/07
Agreed  Brandon Dixon | 04/04/07
Nothing to Patch  NWeber@... | 04/04/07
It's got nothing to do with MS's "new" security scheme  mdsmedia | 04/04/07
Right, not NEW but OVERALL security scheme  LittleGuy | 04/05/07
Correction...  Knorthern Knight | 04/05/07
You don't depend on others to resolve your problem  bportlock | 04/05/07
You must depend on MS when it's not your problem!  jacarter3 | 04/05/07
Firefox / Firebug critical vulnerability!! ( for George, he loves 'em)  Scrat | 04/05/07
That vulnerability is fixed. Try again! laugh  TechExec2 | 04/06/07
happy And that's the rest of the story.  gotitright | 04/06/07
Incorrect  Spats30 | 04/05/07
appending  Spats30 | 04/05/07
You are totally incorrect.  osreinstall | 04/05/07
SP0 and SP1 are no longer supported or tested  PB_z | 04/05/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and