Security experts have recently discovered a new vulnerability in the open-source browser Firefox version 1.5.0.3 that could expose users to the risk of denial-of-service (DoS) attacks.
The flaw arises in the way the browser processes image tags.
The SANS Internet Storm Center was the first to identify this vulnerability. Upon conducting further research, SANS found that this security issue could indeed be exploited for “malicious” purposes—specifically, denial-of-service attacks.
Initially, experts dismissed the flaw as unlikely to be exploited. According to their analysis, opening an image containing a hyperlink would trigger a multimedia application to play a “.wav” file.
However, researchers have confirmed that a similar vulnerability could be exploited together with JavaScript to launch the application that sends and receives email on the affected system, opening multiple windows through the “mailto:” command, which could cause the system to freeze.
Chris Mosby, the administrator of the myITforum.com forum, shared his advice for users on how to protect themselves against attacks leveraging this security flaw. He suggested: first, disabling the automatic launch feature of the email client in Firefox; second, disabling JavaScript and blocking the mailto command.
The browser developers have yet to issue an official statement regarding this security vulnerability.
Hoàng Dũng