×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

PC Takeover Flaw in Mozilla, Netscape

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Security researchers have discovered a ''highly critical'' security hole in the Netscape and Mozilla browsers that puts users at risk of computer takeover.

According to an advisory from iDefense, the vulnerability is caused by an integer overflow within the SOAPParameter object's constructor.

SOAPParameter objects handle support for SOAP, the XML-based messaging protocol that defines rules for structuring messages. ''Successful exploitation allows the remote attacker to execute arbitrary code in the context of the user running the browser,'' iDefense warned.

The company warned that the flaw can be exploited via specially created Web pages containing malicious Javascript. Browser products affected include Mozilla 1.6; and Netscape versions 7.0 and 7.1.

The open-source Mozilla Foundation has released an update to fix the flaw.

''Netscape has not released any information indicating they are intending to release future versions of the Netscape browser, and no longer have any developers working on this project,'' iDefense said.

The research firm recommends that users disable Javascript in the browser as a workaround.

This article was first published on internetnews.com.

Submit a Comment

Loading Comments...