OxyGyan

Welcome technology as you like it…

  • Packed & Moved

  • Einsty – He is cool!!

    Einsty- is here to help you and give you tips...
    Einsty

    Subscribe to get update via e-mail.

  • a

  • RSS Sam Ideas

  • Counting..

    • 33,777 hits since 22 Feb 2007
«
»

Mozilla Clients Will Now Ignore Alternate Server Address

Posted by Sandeep Jain on March 21, 2007

Mozilla Clients have been powerfully fighting with all the security issue that knocks there door, this time they have a shown a red flag to another security threat, caused by the use of FTP and alternate server address connection technique.

What is Server Address?

It’s unique name or say number identifying the server as a whole in front of thousand other server’s and computers. The two computer of different private network can have same server address, but the computer’s of same network must have different addresses.

How it(FTP connection to Alternate Server Address) harms?

The harmful action of alternate server address comes into the picture when, some flaw codes in FTP client connects to the other (not the desired) server, that host the web site containing some malicious code (the code which can directly put it’s word into the user’s machine). This specifically coded web pages perform some unwanted port scan of machines inside the firewall, thus breaking the security. This small problem can harm the machine very badly. Although this type of strategy is rarely used but, it’s dangerous.

If interested in detail studies then check out this PDF from bindshell.net, where they explain us that how this technique can be bad for common web browser like Firefox, opera and more.

What have Firefox done now?

The Firefox, have taken this issue seriously and have released the new minor version of Firefox 2. They have come up with Firefox 2.0.0.3 which have a crack for this kind of problems. The new version of this Firefox is available on FTP site.

Hey! people, although it’s available on FTP site, but don’t download/install it, wait till your browser prompts for update(Only if you are using Firefox browser).
My say

With the release of the last version Firefox 2.0.0.2, almost nine security issues were fixed, but this time only one?Why so? Was it necessary to release this(2.0.0.3) version so early, even when the Mozilla itself have said that, this seecurity issue has less threat?

More:

This entry was posted on March 21, 2007 at 2:46 pm and is filed under Sandeep Jain, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»