Vector
09-05-2005 20:10:02
[quote655394f073="RichB"][quote655394f073]The advisory explains that a successful attack involves exploiting two flaws one involves tricking Firefox into thinking a software installation is being triggered by a whitelisted site, while the other relies on the software installation trigger not sufficiently checking icon URLs containing JavaScript code. The Secunia advisory suggests disabling JavaScript as a workaround; however, simply disabling software installation (Web Features panel of the Options/Preferences window in Firefox 1.0.3 or the Content panel in the latest trunk builds) eliminates the problem.[/quote655394f073]
http//www.mozillazine.org/talkback.html?article=6582
Personally, I always disable that software installation option myself until I need to install an extension or theme.
// edit
Mozilla is recommending disabling javascript before visiting untrustworthy sites until the patch is available[/quote655394f073]
theysayjump
09-05-2005 20:15:07
yeah i only use the "install" option when im using themes & extensions also. i wouldnt trust using it anywhere else.
it is a very useful tool though.