| MozTW 討論區 https://forum.moztw.org/ |
|
| Firefox also vulnerable to Windows cursor exploit ..... https://forum.moztw.org/viewtopic.php?f=22&t=18317 |
第 1 頁 (共 1 頁) |
| 發表人: | yume [ 2007-04-04, 03:32 ] |
| 文章主題 : | Firefox also vulnerable to Windows cursor exploit ..... |
Computerworld, MA 寫: Contrary to other reports, Mozilla Corp.'s Firefox 2.0 is vulnerable to attackers armed with the Windows animated (ANI) cursor exploit, a researcher said today.
全文: Firefox also vulnerable to Windows cursor exploit, says bug's finder |
|
| 發表人: | BabySatan [ 2007-04-04, 09:48 ] |
| 文章主題 : | |
yume 寫: Computerworld, MA 寫: Contrary to other reports, Mozilla Corp.'s Firefox 2.0 is vulnerable to attackers armed with the Windows animated (ANI) cursor exploit, a researcher said today. 全文: Firefox also vulnerable to Windows cursor exploit, says bug's finder 這個我覺得有點奇怪 Firefox 不是不支援 .ani 嗎? 不支援的格式怎麼會去處理並進一步被入侵? |
|
| 發表人: | coolcd [ 2007-04-04, 10:56 ] |
| 文章主題 : | |
BabySatan 寫: 這個我覺得有點奇怪 Firefox 不是不支援 .ani 嗎? 不支援的格式怎麼會去處理並進一步被入侵? 其實報導有寫 引言回覆: "It turns out that Firefox uses the same vulnerable Windows component to process .ani files, which can be exploited in a way similar to Internet Explorer,"Sotirov said during the demo.
PS. 那位 Vulnerability Researcher 的聲音好溫柔... |
|
| 發表人: | BabySatan [ 2007-04-04, 11:21 ] |
| 文章主題 : | |
coolcd 寫: 其實報導有寫
引言回覆: "It turns out that Firefox uses the same vulnerable Windows component to process .ani files, which can be exploited in a way similar to Internet Explorer,"Sotirov said during the demo. PS. 那位 Vulnerability Researcher 的聲音好溫柔... 呃...我的問題就在於 不支援 .ani 又怎麼會去 "process .ani files"? 實在是想不透... |
|
| 發表人: | coolcd [ 2007-04-04, 13:27 ] |
| 文章主題 : | |
BabySatan 寫: 呃...我的問題就在於
不支援 .ani 又怎麼會去 "process .ani files"? 實在是想不透... 不好意思,我好像有點讀錯方向了。 看到英文,覺得是 Fx 是調用 Windows 的 component 來處理 ani,所以有同樣的漏洞,但卻沒想到,既然調用 Windows 的元件,為什麼不支援 ani?可能得從很底層的程式碼才有辦法理解吧(sorry, 都是廢話... -_-")。 話說回來,Fx 2 尚不支援 Vista 的 Protected Mode,讓人對它未來的安全性有點憂心啊~從這點來看,IE7 似乎比 Fx 2 要安全一點,在 Protected Mode 下,頂多資料外洩,不會有損毀的危機。 More Information |
|
| 發表人: | coolcd [ 2007-04-04, 15:23 ] |
| 文章主題 : | |
剛知道這個漏洞 才發現微軟已經發布安全性更新了 http://www.microsoft.com/technet/securi ... 35423.mspx http://www.microsoft.com/technet/securi ... 7-017.mspx Windows Update 一下吧~ 需要重新開機 Orz |
|
| 第 1 頁 (共 1 頁) | 所有顯示的時間為 UTC + 8 小時 |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|