Fatma Bazargan’s blog


IE8 and Firefox 3.0.8
March 27, 2009, 11:52 am
Filed under: Security
Firefox & IE: sweet encounter!

Last week at the CanSecWest security conference in Vancouver, British Columbia, a “single-click-and-you’re-owned exploit” was unveiled against the beta release of Microsoft’s browser, Internet Explorer 8 (IE8). Microsoft confirmed that the vulnerability exists in the official release of IE8. The exploit apparently defies Microsoft’s DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) technologies.

 

On the other hand, Mozilla announced that it will release Firefox 3.0.8 next week to close a serious security vulnerability, which makes this the second big exploit of Firefox in a week. The exploit code has been publicly posted, and it provides an opening through which attackers can enter Firefox source code and modify it if a Firefox user simply views a maliciously coded XML file on a website, a style of attack known as a drive-by download.

 

By the way, the drive-by download affects Firefox running on all platforms, including Mac OS and Linux, according to Mozilla developer notes.

 

define: drive-by download (wikipedia)

Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user. Drive-by downloads may happen by visiting a website, viewing an e-mail message or by clicking on a deceptive popup window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own PC or that it is an innocuous advertisement popup; in such cases, the “supplier” may claim that the user “consented” to the download though s/he was completely unaware of having initiated a malicious software download.


The main issue is that end-users run their computers with administrative privileges, which enables an attacker to run code on a victim’s machine using the victim’s current privilege level (admin).

 

This type of attack can be prevented or mitigated if the end-user follows some of the methods below:

  • Avoid logging in to your machine with an account that has administrative privileges. Log in as a normal (low-privilege) user; if something really requires it, you can always switch to an account with admin privileges.
  • For those who are into virtual machines, always run your browser sessions in a contained virtual machine (VMware, etc.). This way your browser session is completely segmented from your actual machine, so even if the exploit is successful, you can always revert to an earlier snapshot as if you were never infected.
  • Finally, if you use Firefox, run it in Restricted Mode and use the NoScript add-on for Firefox. This prevents JavaScript from running until you allow it.
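The first recommendation can be checked before the browser is started. The following shell functions are an added example, not part of the original post: they report whether the current account is root or a member of an administrative group and refuse to launch a program from such a session. The group names in `ADMIN_GROUPS` and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: decide whether a session is too privileged for everyday browsing.
# ADMIN_GROUPS is an assumption: common admin group names on Linux (sudo, wheel)
# and Mac OS (admin); adjust it for the local system.
ADMIN_GROUPS="sudo wheel admin"

# session_privilege UID "GROUP LIST"
# Prints "root", "admin:<group>" or "standard"; returns 0 only for "standard".
session_privilege() {
    sp_uid=$1
    sp_groups=$2
    if [ "$sp_uid" -eq 0 ]; then
        echo "root"
        return 1
    fi
    for sp_g in $sp_groups; do
        for sp_a in $ADMIN_GROUPS; do
            if [ "$sp_g" = "$sp_a" ]; then
                echo "admin:$sp_g"
                return 1
            fi
        done
    done
    echo "standard"
    return 0
}

# current_session_privilege: the same check for the account running this script.
current_session_privilege() {
    session_privilege "$(id -u)" "$(id -Gn)"
}

# guarded_launch CMD [ARGS...]: run CMD only from a standard (non-admin) account.
guarded_launch() {
    if gl_level=$(current_session_privilege); then
        "$@"
    else
        echo "refusing to start $1: session is privileged ($gl_level)" >&2
        return 1
    fi
}

# Usage (hypothetical): guarded_launch firefox
```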

Safe browsing,

Fatma Bazargan

2 Comments so far

keep it up

Comment by Laila

Thanks for passing Laila 🙂

Comment by Bazargan



