PCWorld.com

New Attack Gets at Firefox Through IE

  • Stuart J. Johnston

Harry Campbell
Beware, dual browser users: In a rare twist, a Mozilla Firefox browser bug could give an attacker control of your PC if you happen to click a booby-trapped link in Microsoft's Internet Explorer.

If you browse with IE but don't have Firefox installed, you're fine. If you browse with Firefox, you're hunky-dory. But if you have both and click a poisoned link in IE, Microsoft's browser will start Firefox, which will run the attack command contained in the passed-along URL.

Though each group said that the other was at fault, Mozilla released a fix in its version 2.0.0.5 update, sent via Firefox's automatic update feature. If you're an IE user and haven't started Firefox in a while, fire up the alternate browser and select Help, Check for Updates. Check out the Firefox patch, which also squashes a few other security bugs.

Holey iPhone

A problem in the iPhone's Safari browser introduces a hole that an attacker might exploit via a drive-by download from a malicious Web page to take over the phone. Researchers at Independent Security Evaluators discovered the flaw, which affects Mac and Windows versions of Safari, too. To make sure you have the mobile fix, connect your iPhone to your PC, select your phone in iTunes, and click Update. For details and links, see Mac and Windows patches.

Crucial Microsoft Fixes

Microsoft's latest batch of patches (all available via Automatic Updates) corrects three critical flaws, along with other less dangerous holes. The most important vulnerability affects users of Windows XP SP2 and 2000 SP4 who've installed versions 1.0, 1.1, or 2.0 of the popular .Net Framework, used by many programs--including some excellent free downloads. Viewing a poisoned site with IE could trigger an attack. And an Excel vulnerability could expose your PC to a takeover if you open a tainted spreadsheet in Excel 2000. The flaw is rated only "important" for newer Excel versions. The other critical flaw is mostly for IT administrators, as it hits Windows 2000 Server and Server 2003's implementation of Active Directory.

Flawed Flash

Adobe's Flash Player can trigger an attack if you open a specially crafted .swf movie file in versions matching or prior to 9.0.45.0, 8.0.34.0, or 7.0.69.0 on any supported OS. Use the auto-update feature to get the fix.

QuickTime Pitfalls

Apple scotched a bevy of nasty bugs in its QuickTime player that would let attackers run any command on your system after you viewed a rigged site or opened a hacked movie file. Versions prior to 7.2 for Windows XP SP2, Windows Vista, and Mac OS X are at risk. Apple's security bulletin has details, plus links to the corrected version, sent via Apple's automatic updates.

Bugged?

Found a hardware or software bug? Send us an e-mail on it to bugs@pcworld.com.
