FierceCIOFierceCIOTechWatchFierceMobileITFierceContentManagement   FierceVoIPFierceHealthITFierceFinanceIT

Mozilla to issue workaround for .ANI bug

April 4, 2007 — 8:01pm ET
Tools
  • Email
  • Print
  • Comment
  • Digg
  • Reddit
Tags
exploits
Internet Explorer (IE)
IT Security
Firefox
Software Patches
Mozilla
Software News

This whole .ANI (Windows Animated Cursor) exploit fiasco sure is making Mozilla look bad. Some accused the foundation of dragging its feet when a patch wasn't issued in a timely manner and for not taking advantage of Protected Mode in Windows Vista, which can help lessen the damage in the event of an attack. Mozilla, however, asserts that this is a flaw in Windows and as such, cannot be patched in Firefox. "The ANI vulnerability is caused by a Windows error…it can be exploited through both Firefox and Internet Explorer," Mozilla VP of engineering Mike Schroepfer stated. Regardless, Mozilla will release a "workaround" to block the attack vector used in the .ANI exploits. The workaround will be included in a future Firefox security update.

For more on the workaround:
- see this ZDnet article

Be the first to comment

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

What is 5 + 8?
To combat spam, please solve the math question above.