 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
Firefox ANI exploit on the way - no protected mode
Published April 10th, 2007 in Browser Security, Exploits & Vulnerabilities, Firefox
Determina is previewing a version of the ANI exploit that will hijack Mozilla Firefox 2 as well as 
Internet Explorer 7 running on Vista (with default DEP settings mostly turned off). DEP could have stopped this exploit from running, but it’s turned off for most applications in Windows by default. At this time, Alexander Sotirov (chief reverse engineer at Determina) has said that the proof-of-concept exploit code won’t be released until there is a patch available in Firefox.
What’s interesting about this is the fact that Firefox doesn’t have the benefit of Protected Mode under Vista, which can somewhat mitigate the damage that can be done if Internet Explorer 7 is exploited by this vulnerability. While UAC will prevent the exploit from infecting the system with a persistent backdoor or rootkit, nothing prevents damage to the user’s data unless Protected Mode is implemented. ยป Firefox ANI exploit on the way - no protected mode | George Ou | ZDNet.com
